Vulnerabilidades em Ivanti
376 resultadosCVE-2021-22962HIGHAn attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.EPSS 91.0%CVE-2023-46264HIGHAn unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker tEPSS 90.2%CVE-2023-32563HIGHAn unauthenticated attacker could achieve the code execution through a RemoteControl server.EPSS 90.2%CVE-2024-13160CRITICALAbsolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remoteEPSS 89.7%KEVCVE-2024-8190HIGHAn OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attEPSS 89.0%KEVCVE-2024-13161CRITICALAbsolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remoteEPSS 88.5%KEVCVE-2025-4428HIGHRemote Code ExecutionEPSS 87.5%KEVCVE-2024-21888HIGHA privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a useEPSS 86.8%CVE-2022-36974CRITICALThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authEPSS 85.1%CVE-2026-1340CRITICALA code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.EPSS 84.0%KEVCVE-2022-36981HIGHThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101. Although autheEPSS 83.4%CVE-2022-36980CRITICALThis vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although autheEPSS 83.1%CVE-2023-46262HIGHAn unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche REPSS 82.8%CVE-2023-46263HIGHAn unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker tEPSS 81.9%CVE-2026-1281CRITICALA code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.EPSS 81.2%KEVCVE-2026-1603HIGHAn authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific storedEPSS 81.1%KEVCVE-2022-36982MEDIUMThis vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. Although authentEPSS 73.8%CVE-2024-29827CRITICALAn unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the samEPSS 71.7%CVE-2024-24992HIGHA Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitraryEPSS 70.9%CVE-2024-24994HIGHA Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitraryEPSS 68.1%