Vulnerabilidades en ivanti
376 resultadosCVE-2024-38648CRITICALA hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including uEPSS 0.6%CVE-2024-7570HIGHImproper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM pEPSS 0.5%CVE-2025-22465MEDIUMReflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to execEPSS 0.5%CVE-2025-55148HIGHMissing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.EPSS 0.5%CVE-2025-55144MEDIUMMissing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.EPSS 0.5%CVE-2026-7821HIGHImproper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to EPSS 0.5%CVE-2024-13172HIGHImproper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows EPSS 0.5%CVE-2025-13662HIGHImproper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1EPSS 0.5%CVE-2022-43554HIGHIvanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation VulnerabilityEPSS 0.5%CVE-2022-43555HIGHIvanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation VulnerabilityEPSS 0.5%CVE-2024-37403MEDIUMIvanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability. The application fails to properly sanitize fileEPSS 0.5%CVE-2023-41718HIGHWhen a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when haEPSS 0.5%CVE-2024-13169HIGHAn out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local auEPSS 0.4%CVE-2025-8712MEDIUMMissing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22EPSS 0.4%CVE-2025-0293MEDIUMCLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticatEPSS 0.4%CVE-2026-3483HIGHAn exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges.EPSS 0.4%CVE-2024-22058HIGHA buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated EPSS 0.4%CVE-2023-38544MEDIUMA logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability cEPSS 0.4%CVE-2023-38043HIGHA vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attackerEPSS 0.4%CVE-2023-38543HIGHA vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attackerEPSS 0.4%