Vulnerabilities in Ivanti

376 results
CVE-2023-32564 | MEDIUM | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker t | EPSS 37.4%
CVE-2023-46216 | CRITICAL | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of | EPSS 36.4%
CVE-2023-41727 | CRITICAL | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of | EPSS 36.4%
CVE-2023-46217 | CRITICAL | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of | EPSS 36.4%
CVE-2026-6973 | HIGH | An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with admin | EPSS 34.5% | KEV
CVE-2024-13181 | HIGH | Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresse | EPSS 32.4%
CVE-2024-24996 | CRITICAL | A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to e | EPSS 32.2%
CVE-2024-50320 | HIGH | An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | EPSS 31.2%
CVE-2025-10573 | CRITICAL | Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript | EPSS 29.5%
CVE-2024-37399 | HIGH | A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, re | EPSS 27.8%
CVE-2024-13180 | HIGH | Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE add | EPSS 27.8%
CVE-2024-50326 | HIGH | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authentic | EPSS 25.8%
CVE-2024-34785 | CRITICAL | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin p | EPSS 25.4%
CVE-2024-32840 | CRITICAL | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin p | EPSS 25.4%
CVE-2024-34779 | CRITICAL | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin p | EPSS 24.0%
CVE-2024-32845 | CRITICAL | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin p | EPSS 24.0%
CVE-2024-11773 | CRITICAL | SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to ru | EPSS 23.6%
CVE-2024-47908 | CRITICAL | OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privilege | EPSS 22.0%
CVE-2025-10242 | HIGH | OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacke | EPSS 21.1%
CVE-2025-10985 | HIGH | OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacke | EPSS 21.1%