Filtered by vendor Ivanti
Subscribe
Total
430 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-29826 | 1 Ivanti | 1 Endpoint Manager | 2024-10-03 | N/A | 8.8 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2024-29827 | 1 Ivanti | 1 Endpoint Manager | 2024-10-03 | N/A | 8.8 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2023-28324 | 1 Ivanti | 1 Endpoint Manager | 2024-09-25 | N/A | 9.8 CRITICAL |
| A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. | |||||
| CVE-2023-38344 | 1 Ivanti | 1 Endpoint Manager | 2024-09-25 | N/A | 6.5 MEDIUM |
| An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a remote system, including the private key used to authenticate to agents for remote access. | |||||
| CVE-2024-7593 | 1 Ivanti | 1 Virtual Traffic Management | 2024-09-25 | N/A | 9.8 CRITICAL |
| Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. | |||||
| CVE-2024-8963 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2024-09-20 | N/A | 9.1 CRITICAL |
| Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. | |||||
| CVE-2023-46265 | 1 Ivanti | 1 Avalanche | 2024-09-17 | N/A | 9.8 CRITICAL |
| An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF). | |||||
| CVE-2023-46224 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-09-17 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2024-32846 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 7.2 HIGH |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-34785 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 7.2 HIGH |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-34779 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 7.2 HIGH |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-32842 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 7.2 HIGH |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-29847 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 9.8 CRITICAL |
| Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | |||||
| CVE-2024-32845 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 7.2 HIGH |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-32840 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 7.2 HIGH |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-34783 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 7.2 HIGH |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-32848 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 7.2 HIGH |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-32843 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 7.2 HIGH |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-8322 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 8.8 HIGH |
| Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality. | |||||
| CVE-2024-8321 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 8.6 HIGH |
| Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network. | |||||