Ivanti

Products by Ivanti Sorted by Most Security Vulnerabilities since 2018

Ivanti Connect Secure: 74 vulnerabilities
Ivanti Avalanche: 49 vulnerabilities
Ivanti Policy Secure: 27 vulnerabilities
Ivanti Endpoint Manager: 17 vulnerabilities
Ivanti Workspace Control: 12 vulnerabilities
Ivanti Incapptic Connect: 3 vulnerabilities
Ivanti Mobileiron: 2 vulnerabilities
Ivanti Endpoint Security: 1 vulnerability
Ivanti Automation: 1 vulnerability
Ivanti Mobileiron Sentry: 1 vulnerability
Ivanti Neurons For Itsm: 1 vulnerability
Ivanti Dsm Remote: 1 vulnerability
Ivanti Service Manager: 1 vulnerability
Ivanti Standalone Sentry: 1 vulnerability
Ivanti Zero Trust Access: 1 vulnerability

Known Exploited Ivanti Vulnerabilities

The following Ivanti vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

| Title | Description | CVE | Added |
|---|---|---|---|
| Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability | Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody). | CVE-2021-44529 | March 25, 2024 |
| Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability | Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication. | CVE-2024-21893 | January 31, 2024 |
| Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability | Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application. | CVE-2023-35082 | January 18, 2024 |
| Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability | Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to access restricted resources by bypassing control checks. This vulnerability can be leveraged in conjunction with CVE-2024-21887, a command injection vulnerability. | CVE-2023-46805 | January 10, 2024 |
| Ivanti Connect Secure and Policy Secure Command Injection Vulnerability | Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authentication bypass issue. | CVE-2024-21887 | January 10, 2024 |
| Ivanti Sentry Authentication Bypass Vulnerability | Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. | CVE-2023-38035 | August 22, 2023 |
| Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability | Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078, bypassing administrator authentication and ACLs restrictions (if applicable). | CVE-2023-35081 | July 31, 2023 |
| Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability | Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes, including creating an EPMM administrative account that can make further c | CVE-2023-35078 | July 25, 2023 |
| MobileIron Core, Connector, Sentry, and RDM Remote Code Execution Vulnerability | A remote code execution vulnerability that allows remote attackers to execute arbitrary code via unspecified vectors. | CVE-2020-15505 | November 3, 2021 |

By the Year

In 2024 there have been 13 vulnerabilities in Ivanti with an average score of 8.3 out of ten. Last year Ivanti had 51 security vulnerabilities published. Right now, Ivanti is on track to have fewer security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 0.37.

| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 13 | 8.26 |
| 2023 | 51 | 8.63 |
| 2022 | 14 | 7.11 |
| 2021 | 27 | 8.20 |
| 2020 | 26 | 6.76 |
| 2019 | 28 | 7.66 |
| 2018 | 9 | 7.40 |

It may take a day or so for new Ivanti vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Ivanti Security Vulnerabilities

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure

CVE-2024-21894 9.8 - Critical - April 04, 2024

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service, thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code.

Memory Corruption

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure

CVE-2024-22053 8.2 - High - April 04, 2024

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service, thereby causing a DoS attack or, in certain conditions, read contents from memory.

Memory Corruption

A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure

CVE-2024-22052 7.5 - High - April 04, 2024

A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service, thereby causing a DoS attack.

NULL Pointer Dereference

An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure

CVE-2024-22023 5.3 - Medium - April 04, 2024

An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in order to temporarily cause resource exhaustion, thereby resulting in a limited-time DoS.

NULL Pointer Dereference

A file upload vulnerability in Ivanti ITSM before 2023.4 allows an authenticated remote user to perform file writes to the server

CVE-2023-46808 9.9 - Critical - March 31, 2024

A file upload vulnerability in Ivanti ITSM before 2023.4 allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user.

Unrestricted File Upload

A command injection vulnerability in Ivanti Sentry prior to 9.19.0

CVE-2023-41724 8.8 - High - March 31, 2024

A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows an unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.

Command Injection

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which

CVE-2024-22024 8.3 - High - February 13, 2024

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.

XXE

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA

CVE-2024-21893 8.2 - High - January 31, 2024

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

XSPA

A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to

CVE-2024-21888 8.8 - High - January 31, 2024

A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.

Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153

CVE-2023-41474 6.5 - Medium - January 25, 2024

Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component.

Directory traversal

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x)

CVE-2024-21887 9.1 - Critical - January 12, 2024

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

Command Injection

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure

CVE-2023-46805 8.2 - High - January 12, 2024

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

Authentication

An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5

CVE-2023-39336 8.8 - High - January 09, 2024

An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server.

SQL Injection

An unauthenticated attacker could abuse an XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).

CVE-2023-46265 9.8 - Critical - December 19, 2023

An unauthenticated attacker could abuse an XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).

XXE

An attacker can send a specially crafted request

CVE-2023-46266 9.1 - Critical - December 19, 2023

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.

An unauthenticated attacker could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.

CVE-2023-46262 7.5 - High - December 19, 2023

An unauthenticated attacker could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.

XSPA

An attacker can send a specially crafted request

CVE-2021-22962 9.1 - Critical - December 19, 2023

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request

CVE-2023-39340 7.5 - High - December 16, 2023

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance.

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance

CVE-2023-41720 7.8 - High - December 14, 2023

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated execution privileges on the affected system.

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request

CVE-2023-41719 7.2 - High - December 14, 2023

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.

A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 and older

CVE-2023-39337 9.1 - Critical - November 15, 2023

A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 and older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets. This vulnerability poses a serious security risk, potentially exposing confidential data and system integrity.

A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older

CVE-2023-39335 9.8 - Critical - November 15, 2023

A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potential misuse of user accounts and resources.

Ivanti Avalanche Incorrect Default Permissions

CVE-2023-41726 7.8 - High - November 03, 2023

Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability

Incorrect Default Permissions

Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability

CVE-2023-41725 7.8 - High - November 03, 2023

Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability

Unrestricted File Upload

A locally authenticated attacker with low privileges

CVE-2022-44569 7.8 - High - November 03, 2023

A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.

Authentication

Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability

CVE-2022-43555 7.8 - High - November 03, 2023

Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability

Missing Authentication for Critical Function

Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability

CVE-2022-43554 7.8 - High - November 03, 2023

Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability

Missing Authentication for Critical Function

Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could

CVE-2023-35084 9.8 - Critical - October 18, 2023

Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely.

Marshaling, Unmarshaling

Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information.

CVE-2023-35083 6.5 - Medium - October 18, 2023

Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information.

An issue was discovered in Ivanti Endpoint Manager before 2022 SU4

CVE-2023-38344 6.5 - Medium - September 21, 2023

An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a remote system, including the private key used to authenticate to agents for remote access.

An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4

CVE-2023-38343 7.5 - High - September 21, 2023

An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery.

XXE

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may

CVE-2023-38035 9.8 - Critical - August 21, 2023

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

AuthZ

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older

CVE-2023-35082 9.8 - Critical - August 15, 2023

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.

Authentication

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack

CVE-2023-32565 9.1 - Critical - August 10, 2023

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below

CVE-2023-32564 9.8 - Critical - August 10, 2023

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve remote code execution.

Unrestricted File Upload

An unauthenticated attacker could achieve the code execution through a RemoteControl server.

CVE-2023-32563 9.8 - Critical - August 10, 2023

An unauthenticated attacker could achieve the code execution through a RemoteControl server.

Directory traversal

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below

CVE-2023-32562 9.8 - Critical - August 10, 2023

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve remote code execution. Fixed in version 6.4.1.

Unrestricted File Upload

DSM 2022.2 SU2 and all prior versions

CVE-2023-28129 7.8 - High - August 10, 2023

DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS commands as the DSM software installation user.

A previously generated artifact by an administrator could be accessed by an attacker

CVE-2023-32561 7.5 - High - August 10, 2023

A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1.

An attacker can send a specially crafted message to the Wavelink Avalanche Manager

CVE-2023-32560 9.8 - Critical - August 10, 2023

An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.

Memory Corruption

Ivanti Avalanche decodeToMap XML External Entity Processing

CVE-2023-32567 9.8 - Critical - August 10, 2023

Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236

XXE

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack

CVE-2023-32566 9.1 - Critical - August 10, 2023

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.

A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2)

CVE-2023-35081 7.2 - High - August 03, 2023

A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.

Directory traversal

An authentication bypass vulnerability in Ivanti EPMM

CVE-2023-35078 9.8 - Critical - July 25, 2023

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.

Authentication

An improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below

CVE-2023-28324 9.8 - Critical - July 01, 2023

An improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.

Improper Input Validation

A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights

CVE-2023-28323 9.8 - Critical - July 01, 2023

A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a stepping stone to get to other network attached machines.

Marshaling, Unmarshaling

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below

CVE-2023-28128 7.2 - High - May 09, 2023

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve remote code execution.

Unrestricted File Upload

A path traversal vulnerability exists in Avalanche version 6.3.x and below

CVE-2023-28127 7.5 - High - May 09, 2023

A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure.

Directory traversal

An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below

CVE-2023-28126 5.9 - Medium - May 09, 2023

An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message.

Race Condition

An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below

CVE-2023-28125 5.9 - Medium - May 09, 2023

An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass.

Race Condition

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490

CVE-2022-36976 9.8 - Critical - March 29, 2023

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15333.

SQL Injection

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490

CVE-2022-36975 9.8 - Critical - March 29, 2023

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15332.

SQL Injection

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490

CVE-2022-36974 9.8 - Critical - March 29, 2023

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Web File Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15330.

Marshaling, Unmarshaling

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490

CVE-2022-36973 8.8 - High - March 29, 2023

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15329.

SQL Injection

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490

CVE-2022-36972 9.8 - Critical - March 29, 2023

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15328.

SQL Injection

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490

CVE-2022-36971 8.8 - High - March 29, 2023

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the JwtTokenUtility class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15301.

Marshaling, Unmarshaling

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490

CVE-2022-36979 9.8 - Critical - March 29, 2023

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AvalancheDaoSupport class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15493.

SQL Injection

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490

CVE-2022-36978 9.8 - Critical - March 29, 2023

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Notification Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15448.

Marshaling, Unmarshaling

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490

CVE-2022-36977 9.8 - Critical - March 29, 2023

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Certificate Management Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15449.

Marshaling, Unmarshaling

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche

CVE-2022-36983 9.8 - Critical - March 29, 2023

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetSettings class. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15919.

Missing Authentication for Critical Function

This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101

CVE-2022-36982 7.5 - High - March 29, 2023

This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AgentTaskHandler class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored session cookies, leading to further compromise. Was ZDI-CAN-15967.

Directory traversal

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101

CVE-2022-36981 9.8 - Critical - March 29, 2023

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DeviceLogResource class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15966.

Directory traversal

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490

CVE-2022-36980 8.1 - High - March 29, 2023

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the EnterpriseServer service. The issue results from the lack of proper locking when performing operations during authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15528.

TOCTTOU

An improper authentication vulnerability exists in Avalanche version 6.3.x and below

CVE-2022-44574 7.5 - High - March 10, 2023

An improper authentication vulnerability exists in Avalanche version 6.3.x and below that allows an unauthenticated attacker to modify properties on a specific port.

authentication

XML Injection with Endpoint Manager 2022

CVE-2022-35259 7.8 - High - December 05, 2022

XML Injection with Endpoint Manager 2022.3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges.

aka Blind XPath Injection

A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite)

CVE-2022-27773 9.8 - Critical - December 05, 2022

A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges.

An unauthenticated attacker

CVE-2022-35254 7.5 - High - December 05, 2022

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.

Resource Exhaustion

An unauthenticated attacker

CVE-2022-35258 7.5 - High - December 05, 2022

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.

Incorrect Calculation

Pulse Secure version 9.115 and below may be susceptible to client-side HTTP request smuggling

CVE-2022-21826 5.4 - Medium - September 30, 2022

Pulse Secure version 9.115 and below may be susceptible to client-side HTTP request smuggling. When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, which means that when someone loads a website, an attacker may be able to make the browser issue a POST to the application, enabling XSS.

HTTP Request Smuggling

The LANDesk(R) Management Agent service exposes a socket and once connected, it is possible to launch commands only for signed executables

CVE-2022-30121 6.7 - Medium - September 23, 2022

The LANDesk(R) Management Agent service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system.

In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12

CVE-2021-44720 7.2 - High - August 12, 2022

In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role.

Use of Hard-coded Credentials

An authenticated high privileged user

CVE-2022-22571 4.8 - Medium - April 11, 2022

An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions.

XSS

A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality

CVE-2022-22572 8.8 - High - April 11, 2022

A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. The vulnerability affects Incapptic Connect version < 1.40.1.

Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path

CVE-2022-27088 7.8 - High - April 11, 2022

Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges.

Unquoted Search Path or Element

Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal

CVE-2021-30497 7.5 - High - April 06, 2022

Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value.

Directory traversal

A user with high privilege access to the Incapptic Connect web console

CVE-2022-21828 7.2 - High - March 04, 2022

A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using an unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3.

Ivanti Service Manager 2021.1

CVE-2021-38560 6.1 - Medium - February 01, 2022

Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx.

XSS

An insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0)

CVE-2022-21823 5.5 - Medium - January 10, 2022

An insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector.

Insecure Storage of Sensitive Information

Ivanti Workspace Control before 10.4.50.0

CVE-2019-19138 7.5 - High - December 15, 2021

Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity.

A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA)

CVE-2021-44529 9.8 - Critical - December 08, 2021

A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).

Code Injection

An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3

CVE-2021-42126 8.8 - High - December 07, 2021

An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform privilege escalation.

An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3

CVE-2021-42124 8.8 - High - December 07, 2021

An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform a session takeover.

A command injection vulnerability exists in Ivanti Avalanche before 6.3.3

CVE-2021-42132 8.8 - High - December 07, 2021

A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform arbitrary command execution.

Command Injection

A SQL Injection vulnerability exists in Ivanti Avalanche before 6.3.3

CVE-2021-42131 8.8 - High - December 07, 2021

A SQL Injection vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform privilege escalation.

SQL Injection

A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3

CVE-2021-42130 8.8 - High - December 07, 2021

A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform arbitrary code execution.

Marshaling, Unmarshaling

A command injection vulnerability exists in Ivanti Avalanche before 6.3.3

CVE-2021-42129 8.8 - High - December 07, 2021

A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform arbitrary command execution.

Command Injection

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service

CVE-2021-42128 9.8 - Critical - December 07, 2021

An exposed dangerous function vulnerability in Ivanti Avalanche before 6.3.3, using the Inforail Service, allows privilege escalation via the Enterprise Server Service.

A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service

CVE-2021-42127 9.8 - Critical - December 07, 2021

A deserialization of untrusted data vulnerability in Ivanti Avalanche before 6.3.3, using the Inforail Service, allows arbitrary code execution via the Data Repository Service.

Marshaling, Unmarshaling

An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3

CVE-2021-42125 8.8 - High - December 07, 2021

An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to write dangerous files.

Unrestricted File Upload

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3

CVE-2021-42133 8.1 - High - December 07, 2021

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform an arbitrary file write.

Inclusion of Functionality from Untrusted Control Sphere

A vulnerability in Pulse Connect Secure before 9.1R12.1 could

CVE-2021-22965 7.5 - High - November 19, 2021

A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to cause a denial of service when a malformed request is sent to the device.

Resource Exhaustion

An issue was discovered in Ivanti Workspace Control before 10.6.30.0

CVE-2021-36235 7.8 - High - September 01, 2021

An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges.

A vulnerability in Pulse Connect Secure before 9.1R12 could

CVE-2021-22938 7.2 - High - August 16, 2021

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.

Command Injection

A vulnerability in Pulse Connect Secure before 9.1R12 could

CVE-2021-22937 7.2 - High - August 16, 2021

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.

Unrestricted File Upload

A vulnerability in Pulse Connect Secure before 9.1R12 could

CVE-2021-22936 6.1 - Medium - August 16, 2021

A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site scripting attack against an authenticated administrator via an unsanitized web parameter.

XSS

A vulnerability in Pulse Connect Secure before 9.1R12 could

CVE-2021-22935 7.2 - High - August 16, 2021

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.

Command Injection

A vulnerability in Pulse Connect Secure before 9.1R12 could

CVE-2021-22934 7.2 - High - August 16, 2021

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a maliciously crafted web request.

Classic Buffer Overflow

A vulnerability in Pulse Connect Secure before 9.1R12 could

CVE-2021-22933 6.5 - Medium - August 16, 2021

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.

Directory traversal

By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core

CVE-2021-3198 7.2 - High - July 22, 2021

By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.

Shell injection

By abusing the 'install rpm info detail' command, an attacker

CVE-2021-3540 7.2 - High - July 22, 2021

By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.

Argument Injection

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).