Vendor CVEs
Ivanti
All CVEs
446 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-47007 | 0.00 | — | 0.01 | Oct 8, 2024 | A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service. | |||
| CVE-2024-9167 | 0.00 | — | 0.00 | Oct 8, 2024 | Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation. | |||
| CVE-2024-9381 | 0.00 | — | 0.16 | Oct 8, 2024 | Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. | |||
| CVE-2024-7612 | 0.00 | — | 0.00 | Oct 8, 2024 | Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components. | |||
| CVE-2024-8441 | 0.00 | — | 0.00 | Sep 10, 2024 | An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM. | |||
| CVE-2024-8322 | 0.00 | — | 0.01 | Sep 10, 2024 | Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality. | |||
| CVE-2024-8321 | 0.00 | — | 0.02 | Sep 10, 2024 | Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network. | |||
| CVE-2024-8320 | 0.00 | — | 0.01 | Sep 10, 2024 | Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices. | |||
| CVE-2024-44107 | 0.00 | — | 0.00 | Sep 10, 2024 | DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution. | |||
| CVE-2024-44106 | 0.00 | — | 0.00 | Sep 10, 2024 | Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | |||
| CVE-2024-44105 | 0.00 | — | 0.00 | Sep 10, 2024 | Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to obtain OS credentials. | |||
| CVE-2024-44104 | 0.00 | — | 0.00 | Sep 10, 2024 | An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | |||
| CVE-2024-44103 | 0.00 | — | 0.00 | Sep 10, 2024 | DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | |||
| CVE-2024-8012 | 0.00 | — | 0.00 | Sep 10, 2024 | An authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | |||
| CVE-2024-37373 | 0.00 | — | 0.02 | Aug 14, 2024 | Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. | |||
| CVE-2024-7570 | 0.00 | — | 0.01 | Aug 13, 2024 | Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user. | |||
| CVE-2024-36130 | 0.00 | — | 0.02 | Aug 7, 2024 | An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance. | |||
| CVE-2024-36131 | 0.00 | — | 0.02 | Aug 7, 2024 | An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance. | |||
| CVE-2024-36132 | 0.00 | — | 0.01 | Aug 7, 2024 | Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources. | |||
| CVE-2024-37403 | 0.00 | — | 0.00 | Aug 7, 2024 | Ivanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability. The application fails to properly sanitize file names, resulting in a path traversal-affiliated vulnerability. This potentially enables other malicious apps on the device to read… | |||
| CVE-2024-37381 | 0.00 | — | 0.03 | Jul 29, 2024 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code. | |||
| CVE-2023-38042 | 0.00 | — | 0.00 | May 31, 2024 | A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM. | |||
| CVE-2023-46810 | 0.00 | — | 0.00 | May 31, 2024 | A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root. | |||
| CVE-2024-22059 | 0.00 | — | 0.01 | May 31, 2024 | A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS. | |||
| CVE-2024-29823 | 0.00 | — | 1.00 | May 31, 2024 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||
| CVE-2024-29827 | 0.00 | — | 0.72 | May 31, 2024 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||
| CVE-2024-22060 | 0.00 | — | 0.01 | May 31, 2024 | An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server. | |||
| CVE-2024-29822 | 0.00 | — | 0.64 | May 31, 2024 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||
| CVE-2024-29826 | 0.00 | — | 1.00 | May 31, 2024 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||
| CVE-2024-29828 | 0.00 | — | 0.08 | May 31, 2024 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | |||
| CVE-2024-29829 | 0.00 | — | 0.08 | May 31, 2024 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | |||
| CVE-2024-29846 | 0.00 | — | 0.08 | May 31, 2024 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | |||
| CVE-2024-29830 | 0.00 | — | 0.08 | May 31, 2024 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | |||
| CVE-2024-22058 | 0.00 | — | 0.00 | May 31, 2024 | A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older. | |||
| CVE-2024-29825 | 0.00 | — | 1.00 | May 31, 2024 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||
| CVE-2023-46806 | 0.00 | — | 0.01 | May 22, 2024 | An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database. | |||
| CVE-2023-46807 | 0.00 | — | 0.01 | May 22, 2024 | An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database. | |||
| CVE-2024-22026 | 0.00 | — | 0.01 | May 22, 2024 | A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance. | |||
| CVE-2024-23527 | 0.00 | — | 0.02 | Apr 24, 2024 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | |||
| CVE-2024-23526 | 0.00 | — | 0.02 | Apr 19, 2024 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | |||
| CVE-2024-22061 | 0.00 | — | 0.04 | Apr 19, 2024 | A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands | |||
| CVE-2024-23529 | 0.00 | — | 0.02 | Apr 19, 2024 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | |||
| CVE-2024-23528 | 0.00 | — | 0.02 | Apr 19, 2024 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | |||
| CVE-2024-27977 | 0.00 | — | 0.02 | Apr 19, 2024 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service. | |||
| CVE-2024-24998 | 0.00 | — | 0.03 | Apr 19, 2024 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||
| CVE-2024-24995 | 0.00 | — | 0.02 | Apr 19, 2024 | A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||
| CVE-2024-24993 | 0.00 | — | 0.02 | Apr 19, 2024 | A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||
| CVE-2024-24991 | 0.00 | — | 0.02 | Apr 19, 2024 | A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. | |||
| CVE-2024-27978 | 0.00 | — | 0.02 | Apr 19, 2024 | A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. | |||
| CVE-2024-23534 | 0.00 | — | 0.03 | Apr 19, 2024 | An Unrestricted File-upload vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. |
- CVE-2024-47007Oct 8, 2024risk 0.00cvss —epss 0.01
A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service.
- CVE-2024-9167Oct 8, 2024risk 0.00cvss —epss 0.00
Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation.
- CVE-2024-9381Oct 8, 2024risk 0.00cvss —epss 0.16
Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.
- CVE-2024-7612Oct 8, 2024risk 0.00cvss —epss 0.00
Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components.
- CVE-2024-8441Sep 10, 2024risk 0.00cvss —epss 0.00
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.
- CVE-2024-8322Sep 10, 2024risk 0.00cvss —epss 0.01
Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.
- CVE-2024-8321Sep 10, 2024risk 0.00cvss —epss 0.02
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.
- CVE-2024-8320Sep 10, 2024risk 0.00cvss —epss 0.01
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.
- CVE-2024-44107Sep 10, 2024risk 0.00cvss —epss 0.00
DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.
- CVE-2024-44106Sep 10, 2024risk 0.00cvss —epss 0.00
Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
- CVE-2024-44105Sep 10, 2024risk 0.00cvss —epss 0.00
Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to obtain OS credentials.
- CVE-2024-44104Sep 10, 2024risk 0.00cvss —epss 0.00
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
- CVE-2024-44103Sep 10, 2024risk 0.00cvss —epss 0.00
DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
- CVE-2024-8012Sep 10, 2024risk 0.00cvss —epss 0.00
An authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
- CVE-2024-37373Aug 14, 2024risk 0.00cvss —epss 0.02
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.
- CVE-2024-7570Aug 13, 2024risk 0.00cvss —epss 0.01
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.
- CVE-2024-36130Aug 7, 2024risk 0.00cvss —epss 0.02
An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance.
- CVE-2024-36131Aug 7, 2024risk 0.00cvss —epss 0.02
An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance.
- CVE-2024-36132Aug 7, 2024risk 0.00cvss —epss 0.01
Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources.
- CVE-2024-37403Aug 7, 2024risk 0.00cvss —epss 0.00
Ivanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability. The application fails to properly sanitize file names, resulting in a path traversal-affiliated vulnerability. This potentially enables other malicious apps on the device to read…
- CVE-2024-37381Jul 29, 2024risk 0.00cvss —epss 0.03
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code.
- CVE-2023-38042May 31, 2024risk 0.00cvss —epss 0.00
A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM.
- CVE-2023-46810May 31, 2024risk 0.00cvss —epss 0.00
A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root.
- CVE-2024-22059May 31, 2024risk 0.00cvss —epss 0.01
A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS.
- CVE-2024-29823May 31, 2024risk 0.00cvss —epss 1.00
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
- CVE-2024-29827May 31, 2024risk 0.00cvss —epss 0.72
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
- CVE-2024-22060May 31, 2024risk 0.00cvss —epss 0.01
An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server.
- CVE-2024-29822May 31, 2024risk 0.00cvss —epss 0.64
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
- CVE-2024-29826May 31, 2024risk 0.00cvss —epss 1.00
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
- CVE-2024-29828May 31, 2024risk 0.00cvss —epss 0.08
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
- CVE-2024-29829May 31, 2024risk 0.00cvss —epss 0.08
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
- CVE-2024-29846May 31, 2024risk 0.00cvss —epss 0.08
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
- CVE-2024-29830May 31, 2024risk 0.00cvss —epss 0.08
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
- CVE-2024-22058May 31, 2024risk 0.00cvss —epss 0.00
A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older.
- CVE-2024-29825May 31, 2024risk 0.00cvss —epss 1.00
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
- CVE-2023-46806May 22, 2024risk 0.00cvss —epss 0.01
An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.
- CVE-2023-46807May 22, 2024risk 0.00cvss —epss 0.01
An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.
- CVE-2024-22026May 22, 2024risk 0.00cvss —epss 0.01
A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance.
- CVE-2024-23527Apr 24, 2024risk 0.00cvss —epss 0.02
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
- CVE-2024-23526Apr 19, 2024risk 0.00cvss —epss 0.02
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
- CVE-2024-22061Apr 19, 2024risk 0.00cvss —epss 0.04
A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands
- CVE-2024-23529Apr 19, 2024risk 0.00cvss —epss 0.02
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
- CVE-2024-23528Apr 19, 2024risk 0.00cvss —epss 0.02
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
- CVE-2024-27977Apr 19, 2024risk 0.00cvss —epss 0.02
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service.
- CVE-2024-24998Apr 19, 2024risk 0.00cvss —epss 0.03
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
- CVE-2024-24995Apr 19, 2024risk 0.00cvss —epss 0.02
A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
- CVE-2024-24993Apr 19, 2024risk 0.00cvss —epss 0.02
A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
- CVE-2024-24991Apr 19, 2024risk 0.00cvss —epss 0.02
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.
- CVE-2024-27978Apr 19, 2024risk 0.00cvss —epss 0.02
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.
- CVE-2024-23534Apr 19, 2024risk 0.00cvss —epss 0.03
An Unrestricted File-upload vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Page 7 of 9