Ivanti

All CVEs

446 total · sorted by risk
  • CVE-2025-22461 · Apr 8, 2025
    risk 0.00 cvss epss 0.01

    SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution.

  • CVE-2025-22459 · Apr 8, 2025
    risk 0.00 cvss epss 0.00

    Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers.

  • CVE-2025-22458 · Apr 8, 2025
    risk 0.00 cvss epss 0.00

    DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.

  • CVE-2025-22454 · Mar 11, 2025
    risk 0.00 cvss epss 0.00

    Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allow a local authenticated attacker to escalate their privileges.

  • CVE-2024-38657 · Feb 21, 2025
    risk 0.00 cvss epss 0.01

    External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files.

  • CVE-2024-13813 · Feb 11, 2025
    risk 0.00 cvss epss 0.00

    Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allow a local authenticated attacker to delete arbitrary files.

  • CVE-2024-13843 · Feb 11, 2025
    risk 0.00 cvss epss 0.00

    Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.

  • CVE-2024-13842 · Feb 11, 2025
    risk 0.00 cvss epss 0.00

    A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.

  • CVE-2024-13830 · Feb 11, 2025
    risk 0.00 cvss epss 0.01

    Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

  • CVE-2024-12058 · Feb 11, 2025
    risk 0.00 cvss epss 0.01

    External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files.

  • CVE-2024-10644 · Feb 11, 2025
    risk 0.00 cvss epss 0.02

    Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-11771 · Feb 11, 2025
    risk 0.00 cvss epss 0.01

    Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.

  • CVE-2024-13164 · Jan 14, 2025
    risk 0.00 cvss epss 0.00

    An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.

  • CVE-2024-13165 · Jan 14, 2025
    risk 0.00 cvss epss 0.02

    An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-13166 · Jan 14, 2025
    risk 0.00 cvss epss 0.02

    An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-13167 · Jan 14, 2025
    risk 0.00 cvss epss 0.02

    An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-13168 · Jan 14, 2025
    risk 0.00 cvss epss 0.02

    An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-13169 · Jan 14, 2025
    risk 0.00 cvss epss 0.00

    An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.

  • CVE-2024-13170 · Jan 14, 2025
    risk 0.00 cvss epss 0.02

    An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-13172 · Jan 14, 2025
    risk 0.00 cvss epss 0.01

    Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

  • CVE-2024-10811 · Jan 14, 2025
    risk 0.00 cvss epss 0.03

    Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

  • CVE-2024-13181 · Jan 14, 2025
    risk 0.00 cvss epss 0.32

    Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010.

  • CVE-2024-13179 · Jan 14, 2025
    risk 0.00 cvss epss 0.62

    Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.

  • CVE-2024-37377 · Dec 11, 2024
    risk 0.00 cvss epss 0.02

    A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-8496 · Dec 11, 2024
    risk 0.00 cvss epss 0.00

    Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allow a local authenticated attacker to achieve local privilege escalation.

  • CVE-2024-9845 · Dec 11, 2024
    risk 0.00 cvss epss 0.00

    Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allow a local authenticated attacker to achieve local privilege escalation.

  • CVE-2024-10251 · Dec 11, 2024
    risk 0.00 cvss epss 0.00

    Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allow a local authenticated attacker to achieve local privilege escalation.

  • CVE-2024-11773 · Dec 10, 2024
    risk 0.00 cvss epss 0.24

    SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.

  • CVE-2024-9844 · Dec 10, 2024
    risk 0.00 cvss epss 0.01

    Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions.

  • CVE-2024-10256 · Dec 10, 2024
    risk 0.00 cvss epss 0.00

    Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allow a local authenticated attacker to delete arbitrary files.

  • CVE-2024-29211 · Nov 13, 2024
    risk 0.00 cvss epss 0.00

    A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.

  • CVE-2024-37400 · Nov 13, 2024
    risk 0.00 cvss epss 0.02

    An out-of-bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service.

  • CVE-2024-38654 · Nov 13, 2024
    risk 0.00 cvss epss 0.00

    Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.

  • CVE-2024-38649 · Nov 13, 2024
    risk 0.00 cvss epss 0.02

    An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-39709 · Nov 13, 2024
    risk 0.00 cvss epss 0.00

    Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.

  • CVE-2024-37398 · Nov 13, 2024
    risk 0.00 cvss epss 0.00

    Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

  • CVE-2024-7571 · Nov 12, 2024
    risk 0.00 cvss epss 0.00

    Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allow a local authenticated attacker to escalate their privileges.

  • CVE-2024-9843 · Nov 12, 2024
    risk 0.00 cvss epss 0.00

    A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.

  • CVE-2024-9842 · Nov 12, 2024
    risk 0.00 cvss epss 0.00

    Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allow a local authenticated attacker to create arbitrary folders.

  • CVE-2024-8539 · Nov 12, 2024
    risk 0.00 cvss epss 0.00

    Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.

  • CVE-2024-11004 · Nov 12, 2024
    risk 0.00 cvss epss 0.01

    Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

  • CVE-2024-8495 · Nov 12, 2024
    risk 0.00 cvss epss 0.01

    A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-47909 · Nov 12, 2024
    risk 0.00 cvss epss 0.01

    A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

  • CVE-2024-47907 · Nov 12, 2024
    risk 0.00 cvss epss 0.01

    A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-47906 · Nov 12, 2024
    risk 0.00 cvss epss 0.00

    Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate privileges.

  • CVE-2024-47905 · Nov 12, 2024
    risk 0.00 cvss epss 0.01

    A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

  • CVE-2024-50323 · Nov 12, 2024
    risk 0.00 cvss epss 0.01

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.

  • CVE-2024-50331 · Nov 12, 2024
    risk 0.00 cvss epss 0.01

    An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory.

  • CVE-2024-47010 · Oct 8, 2024
    risk 0.00 cvss epss 0.38

    Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.

  • CVE-2024-47009 · Oct 8, 2024
    risk 0.00 cvss epss 0.02

    Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.

Page 6 of 9