Vulnerabilidades em ivanti
376 resultadosCVE-2022-36975CRITICALThis vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific fEPSS 6.5%CVE-2024-50322HIGHPath traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthentEPSS 6.0%CVE-2022-36973CRITICALThis vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although autheEPSS 6.0%CVE-2024-11639CRITICALAn authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrativeEPSS 4.8%CVE-2022-36983HIGHThis vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not reqEPSS 4.7%CVE-2024-29204CRITICALA Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to eEPSS 4.3%CVE-2023-46804HIGHAn attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial ofEPSS 4.1%CVE-2023-46803HIGHAn attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial ofEPSS 4.1%CVE-2023-46265MEDIUMAn unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).EPSS 4.0%CVE-2024-22052HIGHA null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenEPSS 3.8%CVE-2025-22467CRITICALA stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote codeEPSS 3.7%CVE-2024-22061HIGHA Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to exEPSS 3.6%CVE-2024-22053HIGHA heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x
22.x) and Ivanti Policy Secure allows an unauthenticated malEPSS 3.5%CVE-2023-46266HIGHAn attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.EPSS 3.5%CVE-2023-41719HIGHA vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a spEPSS 3.4%CVE-2021-3540MEDIUMIvanti MobileIron Core clish Restricted Shell Escape via Argument InjectionEPSS 3.3%CVE-2021-3198MEDIUMIvanti MobileIron Core clish Restricted Shell Escape via OS Command InjectionEPSS 3.3%CVE-2024-32841HIGHSQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticEPSS 3.3%CVE-2024-32839HIGHSQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticEPSS 3.3%CVE-2024-24997HIGHA Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitraryEPSS 3.2%