Ivanti
Products by Ivanti Sorted by Most Security Vulnerabilities since 2018
Known Exploited Ivanti Vulnerabilities
The following Ivanti vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability | Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody). CVE-2021-44529 | March 25, 2024 |
Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability | Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication. CVE-2024-21893 | January 31, 2024 |
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability | Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application. CVE-2023-35082 | January 18, 2024 |
Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability | Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to access restricted resources by bypassing control checks. This vulnerability can be leveraged in conjunction with CVE-2024-21887, a command injection vulnerability. CVE-2023-46805 | January 10, 2024 |
Ivanti Connect Secure and Policy Secure Command Injection Vulnerability | Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authentication bypass issue. CVE-2024-21887 | January 10, 2024 |
Ivanti Sentry Authentication Bypass Vulnerability | Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. CVE-2023-38035 | August 22, 2023 |
Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability | Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078, bypassing administrator authentication and ACLs restrictions (if applicable). CVE-2023-35081 | July 31, 2023 |
Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability | Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes, including creating an EPMM administrative account that can make further c CVE-2023-35078 | July 25, 2023 |
MobileIron Core, Connector, Sentry, and RDM Remote Code Execution Vulnerability | A remote code execution vulnerability that allows remote attackers to execute arbitrary code via unspecified vectors. CVE-2020-15505 | November 3, 2021 |
By the Year
In 2024 there have been 13 vulnerabilities in Ivanti with an average score of 8.3 out of ten. Last year Ivanti had 51 security vulnerabilities published. Right now, Ivanti is on track to have fewer security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 0.37.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 13 | 8.26 |
2023 | 51 | 8.63 |
2022 | 14 | 7.11 |
2021 | 27 | 8.20 |
2020 | 26 | 6.76 |
2019 | 28 | 7.66 |
2018 | 9 | 7.40 |
It may take a day or so for new Ivanti vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Ivanti Security Vulnerabilities
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure
CVE-2024-21894
9.8 - Critical
- April 04, 2024
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service, thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code.
Memory Corruption
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure
CVE-2024-22053
8.2 - High
- April 04, 2024
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service, thereby causing a DoS attack or, in certain conditions, read contents from memory.
Memory Corruption
A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure
CVE-2024-22052
7.5 - High
- April 04, 2024
A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to crash the service, thereby causing a DoS attack.
NULL Pointer Dereference
An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure
CVE-2024-22023
5.3 - Medium
- April 04, 2024
An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in order to temporarily cause resource exhaustion, thereby resulting in a limited-time DoS.
NULL Pointer Dereference
A file upload vulnerability in Ivanti ITSM before 2023.4 allows an authenticated remote user to perform file writes to the server
CVE-2023-46808
9.9 - Critical
- March 31, 2024
A file upload vulnerability in Ivanti ITSM before 2023.4 allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of a non-root user.
Unrestricted File Upload
A command injection vulnerability in Ivanti Sentry prior to 9.19.0
CVE-2023-41724
8.8 - High
- March 31, 2024
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows an unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.
Command Injection
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which
CVE-2024-22024
8.3 - High
- February 13, 2024
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.
XXE
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA
CVE-2024-21893
8.2 - High
- January 31, 2024
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
XSPA
A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to
CVE-2024-21888
8.8 - High
- January 31, 2024
A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.
Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153
CVE-2023-41474
6.5 - Medium
- January 25, 2024
Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component.
Directory traversal
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x)
CVE-2024-21887
9.1 - Critical
- January 12, 2024
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
Command Injection
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure
CVE-2023-46805
8.2 - High
- January 12, 2024
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
Authentication
An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5
CVE-2023-39336
8.8 - High
- January 09, 2024
An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server.
SQL Injection
An unauthenticated attacker could abuse an XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
CVE-2023-46265
9.8 - Critical
- December 19, 2023
An unauthenticated attacker could abuse an XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
XXE
An attacker can send a specially crafted request
CVE-2023-46266
9.1 - Critical
- December 19, 2023
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
An unauthenticated attacker could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.
CVE-2023-46262
7.5 - High
- December 19, 2023
An unauthenticated attacker could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.
XSPA
An attacker can send a specially crafted request
CVE-2021-22962
9.1 - Critical
- December 19, 2023
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request
CVE-2023-39340
7.5 - High
- December 16, 2023
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance.
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance
CVE-2023-41720
7.8 - High
- December 14, 2023
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated execution privileges on the affected system.
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request
CVE-2023-41719
7.2 - High
- December 14, 2023
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.
A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 and older
CVE-2023-39337
9.1 - Critical
- November 15, 2023
A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 and older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets. This vulnerability poses a serious security risk, potentially exposing confidential data and system integrity.
A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older
CVE-2023-39335
9.8 - Critical
- November 15, 2023
A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potential misuse of user accounts and resources.
Ivanti Avalanche Incorrect Default Permissions
CVE-2023-41726
7.8 - High
- November 03, 2023
Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability
Incorrect Default Permissions
Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability
CVE-2023-41725
7.8 - High
- November 03, 2023
Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability
Unrestricted File Upload
A locally authenticated attacker with low privileges
CVE-2022-44569
7.8 - High
- November 03, 2023
A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.
Authentication
Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability
CVE-2022-43555
7.8 - High
- November 03, 2023
Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability
Missing Authentication for Critical Function
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability
CVE-2022-43554
7.8 - High
- November 03, 2023
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability
Missing Authentication for Critical Function
Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could
CVE-2023-35084
9.8 - Critical
- October 18, 2023
Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely.
Marshaling, Unmarshaling
Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information.
CVE-2023-35083
6.5 - Medium
- October 18, 2023
Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information.
An issue was discovered in Ivanti Endpoint Manager before 2022 SU4
CVE-2023-38344
6.5 - Medium
- September 21, 2023
An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a remote system, including the private key used to authenticate to agents for remote access.
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4
CVE-2023-38343
7.5 - High
- September 21, 2023
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery.
XXE
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may
CVE-2023-38035
9.8 - Critical
- August 21, 2023
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
AuthZ
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older
CVE-2023-35082
9.8 - Critical
- August 15, 2023
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.
Authentication
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack
CVE-2023-32565
9.1 - Critical
- August 10, 2023
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below
CVE-2023-32564
9.8 - Critical
- August 10, 2023
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve remote code execution.
Unrestricted File Upload
An unauthenticated attacker could achieve code execution through a RemoteControl server.
CVE-2023-32563
9.8 - Critical
- August 10, 2023
An unauthenticated attacker could achieve code execution through a RemoteControl server.
Directory traversal
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below
CVE-2023-32562
9.8 - Critical
- August 10, 2023
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve remote code execution. Fixed in version 6.4.1.
Unrestricted File Upload
DSM 2022.2 SU2 and all prior versions
CVE-2023-28129
7.8 - High
- August 10, 2023
DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS commands as the DSM software installation user.
A previously generated artifact by an administrator could be accessed by an attacker
CVE-2023-32561
7.5 - High
- August 10, 2023
A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1.
An attacker can send a specially crafted message to the Wavelink Avalanche Manager
CVE-2023-32560
9.8 - Critical
- August 10, 2023
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.
Memory Corruption
Ivanti Avalanche decodeToMap XML External Entity Processing
CVE-2023-32567
9.8 - Critical
- August 10, 2023
Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236.
XXE
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack
CVE-2023-32566
9.1 - Critical
- August 10, 2023
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2)
CVE-2023-35081
7.2 - High
- August 03, 2023
A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.
Directory traversal
An authentication bypass vulnerability in Ivanti EPMM
CVE-2023-35078
9.8 - Critical
- July 25, 2023
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
Authentication
An improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below
CVE-2023-28324
9.8 - Critical
- July 01, 2023
An improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.
Improper Input Validation
A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights
CVE-2023-28323
9.8 - Critical
- July 01, 2023
A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a stepping stone to get to other network attached machines.
Marshaling, Unmarshaling
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below
CVE-2023-28128
7.2 - High
- May 09, 2023
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve remote code execution.
Unrestricted File Upload
A path traversal vulnerability exists in Avalanche version 6.3.x and below
CVE-2023-28127
7.5 - High
- May 09, 2023
A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure.
Directory traversal
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below
CVE-2023-28126
5.9 - Medium
- May 09, 2023
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message.
Race Condition
An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below
CVE-2023-28125
5.9 - Medium
- May 09, 2023
An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass.
Race Condition
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490
CVE-2022-36976
9.8 - Critical
- March 29, 2023
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15333.
SQL Injection
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490
CVE-2022-36975
9.8 - Critical
- March 29, 2023
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15332.
SQL Injection
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490
CVE-2022-36974
9.8 - Critical
- March 29, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Web File Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15330.
Marshaling, Unmarshaling
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490
CVE-2022-36973
8.8 - High
- March 29, 2023
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15329.
SQL Injection
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490
CVE-2022-36972
9.8 - Critical
- March 29, 2023
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15328.
SQL Injection
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490
CVE-2022-36971
8.8 - High
- March 29, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the JwtTokenUtility class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15301.
Marshaling, Unmarshaling
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490
CVE-2022-36979
9.8 - Critical
- March 29, 2023
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AvalancheDaoSupport class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15493.
SQL Injection
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490
CVE-2022-36978
9.8 - Critical
- March 29, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Notification Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15448.
Marshaling, Unmarshaling
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490
CVE-2022-36977
9.8 - Critical
- March 29, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Certificate Management Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15449.
Marshaling, Unmarshaling
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche
CVE-2022-36983
9.8 - Critical
- March 29, 2023
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetSettings class. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15919.
Missing Authentication for Critical Function
This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101
CVE-2022-36982
7.5 - High
- March 29, 2023
This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AgentTaskHandler class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored session cookies, leading to further compromise. Was ZDI-CAN-15967.
Directory traversal
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101
CVE-2022-36981
9.8 - Critical
- March 29, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DeviceLogResource class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15966.
Directory traversal
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490
CVE-2022-36980
8.1 - High
- March 29, 2023
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the EnterpriseServer service. The issue results from the lack of proper locking when performing operations during authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15528.
TOCTTOU
An improper authentication vulnerability exists in Avalanche version 6.3.x and below
CVE-2022-44574
7.5 - High
- March 10, 2023
An improper authentication vulnerability exists in Avalanche version 6.3.x and below that allows an unauthenticated attacker to modify properties on a specific port.
authentification
XML Injection with Endpoint Manager 2022
CVE-2022-35259
7.8 - High
- December 05, 2022
XML Injection with Endpoint Manager 2022.3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges.
aka Blind XPath Injection
A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite)
CVE-2022-27773
9.8 - Critical
- December 05, 2022
A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges.
An unauthenticated attacker
CVE-2022-35254
7.5 - High
- December 05, 2022
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
Resource Exhaustion
An unauthenticated attacker
CVE-2022-35258
7.5 - High
- December 05, 2022
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
Incorrect Calculation
Pulse Secure version 9.115 and below may be susceptible to client-side HTTP request smuggling
CVE-2022-21826
5.4 - Medium
- September 30, 2022
Pulse Secure version 9.115 and below may be susceptible to client-side HTTP request smuggling. When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection. This means that when someone loads a website, an attacker may be able to make the browser issue a POST to the application, enabling XSS.
HTTP Request Smuggling
The LANDesk(R) Management Agent service exposes a socket and once connected, it is possible to launch commands only for signed executables
CVE-2022-30121
6.7 - Medium
- September 23, 2022
The LANDesk(R) Management Agent service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system.
In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12
CVE-2021-44720
7.2 - High
- August 12, 2022
In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role.
Use of Hard-coded Credentials
An authenticated high privileged user
CVE-2022-22571
4.8 - Medium
- April 11, 2022
An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic Connect. The issue affects all current versions.
XSS
A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality
CVE-2022-22572
8.8 - High
- April 11, 2022
A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. The vulnerability affects Incapptic Connect version < 1.40.1.
Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path
CVE-2022-27088
7.8 - High
- April 11, 2022
Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges.
Unquoted Search Path or Element
Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal
CVE-2021-30497
7.5 - High
- April 06, 2022
Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value.
Directory traversal
A user with high privilege access to the Incapptic Connect web console
CVE-2022-21828
7.2 - High
- March 04, 2022
A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using an unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3.
Ivanti Service Manager 2021.1
CVE-2021-38560
6.1 - Medium
- February 01, 2022
Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx.
XSS
An insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0)
CVE-2022-21823
5.5 - Medium
- January 10, 2022
An insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector.
Insecure Storage of Sensitive Information
Ivanti Workspace Control before 10.4.50.0
CVE-2019-19138
7.5 - High
- December 15, 2021
Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity.
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA)
CVE-2021-44529
9.8 - Critical
- December 08, 2021
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
Code Injection
An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3
CVE-2021-42126
8.8 - High
- December 07, 2021
An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform privilege escalation.
An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3
CVE-2021-42124
8.8 - High
- December 07, 2021
An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform a session takeover.
A command injection vulnerability exists in Ivanti Avalanche before 6.3.3
CVE-2021-42132
8.8 - High
- December 07, 2021
A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform arbitrary command execution.
Command Injection
A SQL Injection vulnerability exists in Ivanti Avalanche before 6.3.3
CVE-2021-42131
8.8 - High
- December 07, 2021
A SQL Injection vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform privilege escalation.
SQL Injection
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3
CVE-2021-42130
8.8 - High
- December 07, 2021
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform arbitrary code execution.
Marshaling, Unmarshaling
A command injection vulnerability exists in Ivanti Avalanche before 6.3.3
CVE-2021-42129
8.8 - High
- December 07, 2021
A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform arbitrary command execution.
Command Injection
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service
CVE-2021-42128
9.8 - Critical
- December 07, 2021
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service that allows privilege escalation via Enterprise Server Service.
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service
CVE-2021-42127
9.8 - Critical
- December 07, 2021
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service that allows arbitrary code execution via Data Repository Service.
Marshaling, Unmarshaling
An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3
CVE-2021-42125
8.8 - High
- December 07, 2021
An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to write dangerous files.
Unrestricted File Upload
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3
CVE-2021-42133
8.1 - High
- December 07, 2021
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 that allows an attacker with access to the Inforail Service to perform an arbitrary file write.
Inclusion of Functionality from Untrusted Control Sphere
A vulnerability in Pulse Connect Secure before 9.1R12.1 could
CVE-2021-22965
7.5 - High
- November 19, 2021
A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to cause a denial of service when a malformed request is sent to the device.
Resource Exhaustion
An issue was discovered in Ivanti Workspace Control before 10.6.30.0
CVE-2021-36235
7.8 - High
- September 01, 2021
An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges.
A vulnerability in Pulse Connect Secure before 9.1R12 could
CVE-2021-22938
7.2 - High
- August 16, 2021
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.
Command Injection
A vulnerability in Pulse Connect Secure before 9.1R12 could
CVE-2021-22937
7.2 - High
- August 16, 2021
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.
Unrestricted File Upload
A vulnerability in Pulse Connect Secure before 9.1R12 could
CVE-2021-22936
6.1 - Medium
- August 16, 2021
A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site scripting attack against an authenticated administrator via an unsanitized web parameter.
XSS
A vulnerability in Pulse Connect Secure before 9.1R12 could
CVE-2021-22935
7.2 - High
- August 16, 2021
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.
Command Injection
A vulnerability in Pulse Connect Secure before 9.1R12 could
CVE-2021-22934
7.2 - High
- August 16, 2021
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a maliciously crafted web request.
Classic Buffer Overflow
A vulnerability in Pulse Connect Secure before 9.1R12 could
CVE-2021-22933
6.5 - Medium
- August 16, 2021
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.
Directory traversal
By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core
CVE-2021-3198
7.2 - High
- July 22, 2021
By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.
Shell injection
By abusing the 'install rpm info detail' command, an attacker
CVE-2021-3540
7.2 - High
- July 22, 2021
By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.
Argument Injection