Skip to main content

Ivanti

386 CVEs vendor

Monthly

CVE-2018-7572 MEDIUM This Month

Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Ivanti Pulse Secure Desktop
NVD
CVSS 3.0
6.8
EPSS
0.4%
CVE-2018-6320 CRITICAL Act Now

A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ivanti Connect Secure Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2018-16261 MEDIUM This Month

In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Pulse Secure Desktop Client
NVD
CVSS 3.0
6.8
EPSS
0.2%
CVE-2018-15865 HIGH This Week

The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Apple Pulse Secure Desktop Client
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-15749 MEDIUM This Month

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Apple Pulse Secure Desktop Client
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-15726 MEDIUM This Month

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Ivanti Command Injection Pulse Secure Desktop Client
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2018-14366 MEDIUM This Month

download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Open Redirect Connect Secure Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-8902 MEDIUM This Month

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Avalanche
NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-8901 HIGH This Week

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Avalanche
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2018-9849 MEDIUM This Month

Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ivanti Pulse Connect Secure
NVD
CVSS 3.0
5.5
EPSS
1.0%
CVE-2018-6316 HIGH This Week

Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Ivanti Endpoint Security
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-6374 MEDIUM This Month

The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ivanti Desktop Linux Client
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-5299 CRITICAL PATCH Act Now

A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Ivanti RCE Buffer Overflow Pulse Connect Secure +1
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2017-11463 HIGH This Week

In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Endpoint Manager
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2017-14935 HIGH PATCH This Week

Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Ivanti Information Disclosure Pulse One On Premise
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-2408 HIGH This Week

Pulse Secure Desktop before 5.2R2 and Pulse Secure Installer Service before 8.2R2 and below for Windows allow restricted users to gain privileges via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Microsoft Odyssey Access Client Pulse Secure Desktop +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-3824 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Juniper XSS Ivanti Junos Pulse Secure Access Service
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3823 MEDIUM This Month

The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Juniper Information Disclosure Ivanti Junos Pulse Secure Access Service
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3820 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Juniper XSS Ivanti Junos Pulse Access Control Service Junos Pulse Secure Access Service
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3812 MEDIUM This Month

The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS before 7.4r5 and 8.x before 8.0r1 and Junos Pulse Access Control Service (UAC) before 4.4r5 and 5.x before 5.0r1 enable. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Information Disclosure Ivanti Ive Os Unified Access Control Software +16
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-2292 HIGH This Week

Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Ivanti Ive Os
NVD VulDB
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-2291 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Juniper XSS Ivanti Ive Os
NVD VulDB
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-6956 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Ivanti Juniper XSS Ive Os
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-5650 MEDIUM This Month

Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Juniper Ivanti Junos Pulse Secure Access Service Junos Pulse Access Control Service
NVD
CVSS 2.0
5.4
EPSS
0.7%
CVE-2013-5649 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Ivanti Juniper XSS Ive Os
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3970 MEDIUM PATCH This Month

Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Juniper Information Disclosure Ivanti Junos Pulse Secure Access Service Junos Pulse Access Control Service
NVD
CVSS 2.0
4.3
EPSS
0.2%
EPSS 0% CVSS 6.8
MEDIUM This Month

Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Ivanti +1
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ivanti Connect Secure +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Pulse Secure Desktop Client
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Apple +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Apple +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Ivanti +2
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Open Redirect Connect Secure +2
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Avalanche
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Avalanche
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ivanti Pulse Connect Secure
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Ivanti Endpoint Security
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ivanti Desktop Linux Client
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Ivanti RCE +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Endpoint Manager
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Ivanti Information Disclosure Pulse One On Premise
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Pulse Secure Desktop before 5.2R2 and Pulse Secure Installer Service before 8.2R2 and below for Windows allow restricted users to gain privileges via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Microsoft +4
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Juniper XSS Ivanti +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Juniper Information Disclosure Ivanti +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Juniper XSS Ivanti +2
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS before 7.4r5 and 8.x before 8.0r1 and Junos Pulse Access Control Service (UAC) before 4.4r5 and 5.x before 5.0r1 enable. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Information Disclosure Ivanti +18
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Ivanti +1
NVD VulDB
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Juniper XSS Ivanti +1
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Ivanti Juniper XSS +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Juniper Ivanti +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Ivanti Juniper XSS +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Juniper Information Disclosure Ivanti +2
NVD
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy