Vulnerabilities in Ivanti

376 results
CVE-2024-21893 | HIGH | A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) | EPSS 100.0% | KEV
CVE-2024-21887 | CRITICAL | A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an aut | EPSS 100.0% | KEV
CVE-2023-35082 | CRITICAL | An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resou | EPSS 100.0% | KEV
CVE-2023-35078 | CRITICAL | An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the appli | EPSS 100.0% | KEV
CVE-2024-7593 | CRITICAL | Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated a | EPSS 100.0% | KEV
CVE-2023-46805 | HIGH | An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to acc | EPSS 100.0% | KEV
CVE-2025-0282 | CRITICAL | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neu | EPSS 100.0% | KEV
CVE-2025-22457 | CRITICAL | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA | EPSS 100.0% | KEV
CVE-2024-29824 | CRITICAL | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the sam | EPSS 100.0% | KEV
CVE-2023-38035 | CRITICAL | A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass a | EPSS 99.9% | KEV
CVE-2024-29825 | CRITICAL | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the sam | EPSS 99.9%
CVE-2024-29826 | CRITICAL | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the sam | EPSS 99.9%
CVE-2024-29823 | CRITICAL | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the sam | EPSS 99.9%
CVE-2024-13159 | CRITICAL | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote | EPSS 99.8% | KEV
CVE-2025-4427 | MEDIUM | Authentication Bypass | EPSS 99.6% | KEV
CVE-2026-10520 | CRITICAL | An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user | EPSS 98.9%
CVE-2023-32560 | HIGH | An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary co | EPSS 98.9%
CVE-2024-8963 | CRITICAL | Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. | EPSS 98.4% | KEV
CVE-2024-22024 | HIGH | An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and | EPSS 94.7%
CVE-2024-38653 | HIGH | XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server. | EPSS 92.0%