Ivanti vulnerabilities
376 results

CVE-2023-35083 | — | EPSS 1.1% | Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all pre
CVE-2024-8322 | MEDIUM | EPSS 1.1% | Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker t
CVE-2024-50331 | HIGH | EPSS 1.1% | An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information
CVE-2024-22059 | HIGH | EPSS 1.1% | A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete informati
CVE-2023-46807 | MEDIUM | EPSS 1.1% | An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or
CVE-2024-47909 | MEDIUM | EPSS 1.1% | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a rem
CVE-2024-47905 | MEDIUM | EPSS 1.1% | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a rem
CVE-2025-5462 | HIGH | EPSS 1.0% | A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway be
CVE-2025-22466 | HIGH | EPSS 1.0% | Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obta
CVE-2025-5456 | HIGH | EPSS 1.0% | A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gatewa
CVE-2024-50327 | HIGH | EPSS 1.0% | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authentic
CVE-2025-8296 | HIGH | EPSS 1.0% | SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrar
CVE-2023-38551 | HIGH | EPSS 1.0% | A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on
CVE-2023-46806 | MEDIUM | EPSS 1.0% | An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege t
CVE-2024-9844 | HIGH | EPSS 1.0% | Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticat
CVE-2024-11771 | MEDIUM | EPSS 0.9% | Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.
CVE-2023-39339 | MEDIUM | EPSS 0.9% | A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary fi
CVE-2024-34788 | MEDIUM | EPSS 0.9% | An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a remote malicious user to access potentially sen
CVE-2024-12058 | MEDIUM | EPSS 0.9% | External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a r
CVE-2026-8111 | HIGH | EPSS 0.9% | SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote