Vulnerabilidades em ivanti
376 resultadosCVE-2026-5786HIGHAn Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacEPSS 0.7%CVE-2023-35080HIGHA vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploiEPSS 0.7%CVE-2023-41720HIGHA vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (EPSS 0.7%CVE-2026-8109MEDIUMAn exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to EPSS 0.7%CVE-2023-41725HIGHIvanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation VulnerabilityEPSS 0.7%CVE-2026-5787HIGHAn Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker EPSS 0.7%CVE-2026-1602MEDIUMSQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the dataEPSS 0.7%CVE-2023-38041HIGHA logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flEPSS 0.7%CVE-2024-50323HIGHSQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthentiEPSS 0.7%CVE-2025-55143MEDIUMReflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway beforeEPSS 0.7%CVE-2025-5451MEDIUMA stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remEPSS 0.7%CVE-2023-41726HIGHIvanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation VulnerabilityEPSS 0.6%CVE-2025-5466MEDIUMXEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and IvaEPSS 0.6%CVE-2024-13830MEDIUMReflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticaEPSS 0.6%CVE-2025-55145HIGHMissing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.EPSS 0.6%CVE-2026-4913MEDIUMImproper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access whenEPSS 0.6%CVE-2025-55147HIGHCSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and IvaEPSS 0.6%CVE-2026-8992HIGHAn improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to exEPSS 0.6%CVE-2025-10986MEDIUMPath traversal in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker withEPSS 0.6%CVE-2025-0292MEDIUMSSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attackeEPSS 0.6%