Vulnerabilities in ivanti
376 resultsCVE-2025-22459MEDIUMImproper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticateEPSS 0.3%CVE-2025-22454HIGHInsufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their EPSS 0.3%CVE-2026-7432HIGHA race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEMEPSS 0.3%CVE-2024-38654MEDIUMImproper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges toEPSS 0.3%CVE-2024-8012HIGHAn authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a localEPSS 0.3%CVE-2024-44107HIGHDLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker EPSS 0.3%CVE-2024-7571HIGHIncorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.EPSS 0.3%CVE-2024-9843MEDIUMA buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.EPSS 0.3%CVE-2024-8540HIGHInsecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive aEPSS 0.2%CVE-2025-5450MEDIUMImproper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure beEPSS 0.2%CVE-2024-44106HIGHInsufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local autEPSS 0.2%CVE-2026-8110HIGHIncorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to esEPSS 0.2%CVE-2024-44103HIGHDLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker EPSS 0.2%CVE-2024-7612HIGHInsecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components.EPSS 0.2%CVE-2024-44104HIGHAn incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace ControEPSS 0.2%CVE-2024-9167HIGHUnder specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attackeEPSS 0.2%CVE-2024-29213HIGHIvanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unsEPSS 0.2%CVE-2025-22464MEDIUMAn untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacEPSS 0.2%CVE-2024-29821HIGHIvanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unsEPSS 0.2%CVE-2024-47906HIGHExcessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before versiEPSS 0.2%