Vulnerabilities in Ivanti

376 results
Vexday analysis

With 24 vulnerabilities confirmed as actively exploited out of 366 catalogued CVEs, the rate of presence in CISA's KEV catalog is 14.6 times above the catalog's overall average, which indicates a consistent history of threat-actor interest in Ivanti products. Of the 366 flaws, 83 are rated critical and 20 have a publicly available proof of concept, increasing the risk surface for organizations that do not maintain aggressive patching cycles. The most recurrent flaw type is CWE-89 (SQL injection), suggesting structural gaps in input validation that tend to produce high-impact vulnerabilities. The most dangerous CVE currently active, CVE-2024-21893, has the maximum EPSS of 1.0, indicating an extremely high probability of exploitation, and should be treated as an absolute remediation priority.

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2024-10630 | HIGH | A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the applicati | 0.2% |
| CVE-2025-10918 | HIGH | Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write | 0.2% |
| CVE-2024-8539 | HIGH | Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive config | 0.2% |
| CVE-2024-9842 | HIGH | Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders | 0.2% |
| CVE-2024-11597 | HIGH | Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows | 0.2% |
| CVE-2024-9845 | HIGH | Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to a | 0.2% |
| CVE-2024-10251 | HIGH | Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker | 0.2% |
| CVE-2024-8496 | HIGH | Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attack | 0.2% |
| CVE-2024-11598 | HIGH | Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows | 0.2% |
| CVE-2024-10256 | HIGH | Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files. | 0.2% |
| CVE-2024-13813 | HIGH | Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary file | 0.2% |
| CVE-2024-7572 | HIGH | Insufficient permissions in Ivanti DSM before version 2024.3.5740 allows a local authenticated attacker to delete arbitrary files. | 0.2% |
| CVE-2025-6995 | HIGH | Improper Encryption in Ivanti Endpoint Manager | 0.2% |
| CVE-2025-6996 | HIGH | Improper Encryption in Ivanti Endpoint Manager | 0.2% |
| CVE-2026-7431 | MEDIUM | An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to | 0.2% |
| CVE-2024-44105 | HIGH | Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) all | 0.2% |