Vendor CVEs
Ivanti
All CVEs
446 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-22461 | | | 0.00 | — | 0.01 | | Apr 8, 2025 | SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution. |
| CVE-2025-22459 | | | 0.00 | — | 0.00 | | Apr 8, 2025 | Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers. |
| CVE-2025-22458 | | | 0.00 | — | 0.00 | | Apr 8, 2025 | DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System. |
| CVE-2025-22454 | | | 0.00 | — | 0.00 | | Mar 11, 2025 | Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. |
| CVE-2024-38657 | | | 0.00 | — | 0.01 | | Feb 21, 2025 | External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files. |
| CVE-2024-13813 | | | 0.00 | — | 0.00 | | Feb 11, 2025 | Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files. |
| CVE-2024-13843 | | | 0.00 | — | 0.00 | | Feb 11, 2025 | Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. |
| CVE-2024-13842 | | | 0.00 | — | 0.00 | | Feb 11, 2025 | A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. |
| CVE-2024-13830 | | | 0.00 | — | 0.01 | | Feb 11, 2025 | Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required. |
| CVE-2024-12058 | | | 0.00 | — | 0.01 | | Feb 11, 2025 | External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files. |
| CVE-2024-10644 | | | 0.00 | — | 0.02 | | Feb 11, 2025 | Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| CVE-2024-11771 | | | 0.00 | — | 0.01 | | Feb 11, 2025 | Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality. |
| CVE-2024-13164 | | | 0.00 | — | 0.00 | | Jan 14, 2025 | An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. |
| CVE-2024-13165 | | | 0.00 | — | 0.02 | | Jan 14, 2025 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-13166 | | | 0.00 | — | 0.02 | | Jan 14, 2025 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-13167 | | | 0.00 | — | 0.02 | | Jan 14, 2025 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-13168 | | | 0.00 | — | 0.02 | | Jan 14, 2025 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-13169 | | | 0.00 | — | 0.00 | | Jan 14, 2025 | An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. |
| CVE-2024-13170 | | | 0.00 | — | 0.02 | | Jan 14, 2025 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-13172 | | | 0.00 | — | 0.01 | | Jan 14, 2025 | Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. |
| CVE-2024-10811 | | | 0.00 | — | 0.03 | | Jan 14, 2025 | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. |
| CVE-2024-13181 | | | 0.00 | — | 0.32 | | Jan 14, 2025 | Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010. |
| CVE-2024-13179 | | | 0.00 | — | 0.62 | | Jan 14, 2025 | Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. |
| CVE-2024-37377 | | | 0.00 | — | 0.02 | | Dec 11, 2024 | A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-8496 | | | 0.00 | — | 0.00 | | Dec 11, 2024 | Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation. |
| CVE-2024-9845 | | | 0.00 | — | 0.00 | | Dec 11, 2024 | Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation. |
| CVE-2024-10251 | | | 0.00 | — | 0.00 | | Dec 11, 2024 | Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation. |
| CVE-2024-11773 | | | 0.00 | — | 0.24 | | Dec 10, 2024 | SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. |
| CVE-2024-9844 | | | 0.00 | — | 0.01 | | Dec 10, 2024 | Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions. |
| CVE-2024-10256 | | | 0.00 | — | 0.00 | | Dec 10, 2024 | Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files. |
| CVE-2024-29211 | | | 0.00 | — | 0.00 | | Nov 13, 2024 | A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files. |
| CVE-2024-37400 | | | 0.00 | — | 0.02 | | Nov 13, 2024 | An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service. |
| CVE-2024-38654 | | | 0.00 | — | 0.00 | | Nov 13, 2024 | Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service. |
| CVE-2024-38649 | | | 0.00 | — | 0.02 | | Nov 13, 2024 | An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-39709 | | | 0.00 | — | 0.00 | | Nov 13, 2024 | Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges. |
| CVE-2024-37398 | | | 0.00 | — | 0.00 | | Nov 13, 2024 | Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. |
| CVE-2024-7571 | | | 0.00 | — | 0.00 | | Nov 12, 2024 | Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. |
| CVE-2024-9843 | | | 0.00 | — | 0.00 | | Nov 12, 2024 | A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service. |
| CVE-2024-9842 | | | 0.00 | — | 0.00 | | Nov 12, 2024 | Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders. |
| CVE-2024-8539 | | | 0.00 | — | 0.00 | | Nov 12, 2024 | Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files. |
| CVE-2024-11004 | | | 0.00 | — | 0.01 | | Nov 12, 2024 | Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required. |
| CVE-2024-8495 | | | 0.00 | — | 0.01 | | Nov 12, 2024 | A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-47909 | | | 0.00 | — | 0.01 | | Nov 12, 2024 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service. |
| CVE-2024-47907 | | | 0.00 | — | 0.01 | | Nov 12, 2024 | A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-47906 | | | 0.00 | — | 0.00 | | Nov 12, 2024 | Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges. |
| CVE-2024-47905 | | | 0.00 | — | 0.01 | | Nov 12, 2024 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service. |
| CVE-2024-50323 | | | 0.00 | — | 0.01 | | Nov 12, 2024 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. |
| CVE-2024-50331 | | | 0.00 | — | 0.01 | | Nov 12, 2024 | An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. |
| CVE-2024-47010 | | | 0.00 | — | 0.38 | | Oct 8, 2024 | Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. |
| CVE-2024-47009 | | | 0.00 | — | 0.02 | | Oct 8, 2024 | Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. |
Page 6 of 9