ivanti Latest Vulnerabilities
September 19
Unrestricted Access: Path Traversal Vulnerability in Ivanti CSA
CVE-2024-8963
IvantiCsa (cloud Services Ap...9.4CRITICAL
September 12
Remote Code Execution Vulnerability in Ivanti EPM
CVE-2024-32840
IvantiEpm7.2HIGH
Ivanti EPM Vulnerable to Remote Code Execution via SQL Injection
CVE-2024-34783
IvantiEpm7.2HIGH
Remote Code Execution Vulnerability in Ivanti EPM Agent Portal
CVE-2024-29847
IvantiEpm🔥😄👾9.8CRITICAL
Ivanti EPM vulnerable to SQL injection, allowing remote code execution
CVE-2024-34779
IvantiEpm7.2HIGH
Ivanti EPM XML Entity Vulnerability
CVE-2024-37397
IvantiEpm8.2HIGH
Ivanti EPM Remote Code Execution Vulnerability
CVE-2024-32848
IvantiEpm7.2HIGH
Remote Code Execution Vulnerability in Ivanti EPM Before 2022 SU6 and 2024 September Update
CVE-2024-34785
IvantiEpm7.2HIGH
Remote Code Execution Vulnerability in Ivanti EPM
CVE-2024-32843
IvantiEpm7.2HIGH
Ivanti EPM vulnerable to SQL Injection
CVE-2024-32846
IvantiEpm7.2HIGH
Ivanti EPM vulnerable to SQL injection, remote code execution
CVE-2024-32845
IvantiEpm7.2HIGH
Remote Code Execution Vulnerability in Ivanti EPM
CVE-2024-32842
IvantiEpm7.2HIGH
September 10
Unauthorized Network Isolation Vulnerability in Ivanti EPM Before 2022 SU6 and 2024 September Update
CVE-2024-8321
IvantiEndpoint Manager8.6HIGH
Privilege Escalation Vulnerability in Ivanti Workspace Control
CVE-2024-44104
IvantiWorkspace Control7.8HIGH
Local Authenticated Attacker Can Escalate Privileges via Server-Side Controls in Ivanti Workspace Control
CVE-2024-44106
IvantiWorkspace Control7.8HIGH
Remote Code Execution Vulnerability in Ivanti Cloud Services Appliance
CVE-2024-8190
IvantiCsa (cloud Services Ap...😄👾7.2HIGH
Local Attackers Can Easily Escalate Privileges and Execute Arbitrary Code in Ivanti Workspace Control
CVE-2024-44107
IvantiWorkspace Control7.8HIGH
Remote Unauthorized Access to Network Isolation in Ivanti EPM Before 2022 SU6 or 2024 September Update
CVE-2024-8320
IvantiEndpoint Manager5.3MEDIUM
Local Auth Bypass Could Lead to Privilege Escalation
CVE-2024-8012
IvantiWorkspace Control7.8HIGH
Attackers Can Elevate Privileges via DLL Hijacking in Ivanti Workspace Control
CVE-2024-44103
IvantiWorkspace Control7.8HIGH
Local Authenticated Attacker Can Access OS Credentials via Cleartext Transmission in Ivanti Workspace Control
CVE-2024-44105
IvantiWorkspace Control7.8HIGH
Remote Access Vulnerability in Ivanti EPM Before 2022 SU6 or 2024 September Update
CVE-2024-8322
IvantiEndpoint Manager8.8HIGH
Uncontrolled Search Path Vuln in Ivanti EPM Affects Local Admin Privileges
CVE-2024-8441
IvantiEndpoint Manager6.7MEDIUM
Remote Code Execution Vulnerability in Ivanti EPM Management Console
CVE-2024-8191
IvantiEndpoint Manager9.8CRITICAL
August 14
Skin Management Components Vulnerable to Path Traversal Attacks
CVE-2024-38652
IvantiAvalanche9.1CRITICAL
Remote Code Execution Vulnerability in Ivanti Avalanche 6.3.1
CVE-2024-37373
IvantiAvalanche7.2HIGH
Remote Unauth DoS Vulnerability in Ivanti Avalanche 6.3.1
CVE-2024-37399
IvantiAvalanche7.5HIGH
Unauthorized Access to Arbitrary Files in Ivanti SmartDeviceServer 6.3.1
CVE-2024-38653
IvantiAvalanche7.5HIGH
Ivanti Avalanche Under Attack: Off-by-one Error Leads to DoS
CVE-2024-36136
IvantiAvalanche7.5HIGH
August 13
Unauthorized Access to Ivanti vTM Admin Panel via Incorrect Authentication Algorithm
CVE-2024-7593
IvantiVtm👾9.8CRITICAL
Attackers Can Impersonate Any User in Ivanti ITSM Due to Certificate Validation Flaw
CVE-2024-7570
IvantiItsm8.1HIGH
Unsafe ITSM Data Disclosure through Debug Information
CVE-2024-7569
IvantiItsm9.8CRITICAL
August 7
Unauthorized command execution vulnerability in EPMM web component
CVE-2024-36130
IvantiEpmm9.8CRITICAL
Insecure Deserialization Vulnerability Affects EPMM Web Component
CVE-2024-36131
IvantiEpmm8.8HIGH
Bypass Authentication and Access Sensitive Resources
CVE-2024-36132
IvantiEpmm7.5HIGH
Dirty Stream Vulnerability Affects Ivanti Docs@Work for Android
CVE-2024-37403
IvantiDocs@work5.5MEDIUM
Remote Access to Sensitive Information Due to Insufficient Authentication
CVE-2024-34788
IvantiEpmm6.5MEDIUM
July 29
Unauthorized Execution of Arbitrary Code via SQL Injection in Ivanti EPM 2024 Flat
CVE-2024-37381
IvantiEpm8.4HIGH
May 31
Local Privilege Escalation Vulnerability Affects Ivanti Secure Access Client for Windows
CVE-2023-38042
IvantiSecure Access Client7.8HIGH
SQL Injection Vulnerability in Ivanti Neurons for ITSM Could Lead to Data Theft and Downtime
CVE-2024-22059
IvantiItsm8.8HIGH
Local Privilege Escalation Vulnerability Affects Ivanti Secure Access Client for Linux
CVE-2023-46810
IvantiSecure Access Linux7.3HIGH
Unauthenticated SQL Injection Vulnerability Affects Ivanti EPM
CVE-2024-29823
IvantiEpm9.6CRITICAL
Unauthenticated SQL Injection Vulnerability Affects Ivanti EPM
CVE-2024-29827
IvantiEpm9.6CRITICAL
Unrestricted File Upload Vulnerability in Ivanti Neurons for ITSM Allows Remote Attackers to Write Arbitrary Files
CVE-2024-22060
IvantiItsm8.7HIGH
Unauthenticated SQL Injection Vulnerability Affects Ivanti EPM
CVE-2024-29822
IvantiEpm9.6CRITICAL
Unauthenticated SQL Injection Vulnerability Affects Ivanti EPM
CVE-2024-29826
IvantiEpm9.6CRITICAL
Arbitrary Code Execution Vulnerability in Core Server
CVE-2024-29828
IvantiEpm8.4HIGH
Arbitrary Code Execution Vulnerability in Core Server
CVE-2024-29829
IvantiEpm8.4HIGH
Unrestricted File Upload Vulnerability in Ivanti Avalanche Could Lead to System Execution
CVE-2024-29848
IvantiAvalanche7.2HIGH
Arbitrary Code Execution Vulnerability in Core Server
CVE-2024-29846
IvantiEpm8.4HIGH
CRLF Injection Vulnerability in Ivanti Connect Secure Allows Cross-Site Scripting Attacks
CVE-2023-38551
IvantiConnect Secure8.2HIGH
Arbitrary Code Execution Vulnerability in Core Server
CVE-2024-29830
IvantiEpm8.4HIGH
Buffer Overflow Vulnerability in Ivanti EPM Agent Allows Arbitrary Code Execution
CVE-2024-22058
IvantiEpm7.8HIGH
Unauthenticated SQL Injection Vulnerability Affects Ivanti EPM
CVE-2024-29824
IvantiEpm👾9.6CRITICAL
Unauthenticated SQL Injection Vulnerability Affects Ivanti EPM
CVE-2024-29825
IvantiEpm9.6CRITICAL
May 22
SQL Injection Vulnerability in EPMM Web Component
CVE-2023-46806
IvantiEpmm
SQL Injection Vulnerability in EPMM Web Component
CVE-2023-46807
IvantiEpmm
April 25
Unauthenticated Remote Attacker Can Read Sensitive Information in Memory via Out-of-Bounds Read Vulnerability in Ivanti Avalanche Before 6.4.3
CVE-2024-23527
IvantiAvalanche5.3MEDIUM
Remote Attacker Can Cause Service Disruptions with Improper Check for Unusual or Exceptional Conditions Vulnerability
CVE-2024-29205
IvantiConnect Secure7.5HIGH
April 19
Unauthenticated Remote Attacker Can Read Sensitive Information in Memory via Out-of-Bounds Read Vulnerability in Ivanti Avalanche Before 6.4.3
CVE-2024-23526
IvantiAvalanche5.3MEDIUM
Heap Overflow Vulnerability in WLInfoRailService Component
CVE-2024-22061
IvantiAvalanche8.1HIGH
Unauthenticated Remote Attacker Can Read Sensitive Information in Memory via Out-of-Bounds Read Vulnerability in Ivanti Avalanche Before 6.4.3
CVE-2024-23529
IvantiAvalanche5.3MEDIUM
Unauthenticated Remote Attacker Can Read Sensitive Information in Memory via Out-of-Bounds Read Vulnerability in Ivanti Avalanche Before 6.4.3
CVE-2024-23528
IvantiAvalanche5.3MEDIUM
Arbitrary Command Execution Vulnerability in Ivanti Avalanche Before 6.4.3
CVE-2024-25000
IvantiAvalanche8.8HIGH
Remote File Delete Vulnerability Leads to Denial-of-Service
CVE-2024-27977
IvantiAvalanche7.1HIGH
Arbitrary Command Execution Vulnerability in Ivanti Avalanche Before 6.4.3
CVE-2024-24992
IvantiAvalanche8.8HIGH
Ivanti Avalanche Under Attack: Out-of-Bounds Read Vulnerability Leads to DoS and RCE
CVE-2024-23532
IvantiAvalanche7.5HIGH
Arbitrary Command Execution Vulnerability in Ivanti Avalanche Before 6.4.3
CVE-2024-23535
IvantiAvalanche8.8HIGH
Arbitrary Command Execution Vulnerability in Ivanti Avalanche Before 6.4.3
CVE-2024-24998
IvantiAvalanche8.8HIGH
Remote Execution of Arbitrary Commands as SYSTEM via Race Condition (TOCTOU) Vulnerability
CVE-2024-24995
IvantiAvalanche8.8HIGH
Remote Execution of Arbitrary Commands as SYSTEM via Race Condition (TOCTOU) Vulnerability
CVE-2024-24993
IvantiAvalanche8.8HIGH
Arbitrary Command Execution Vulnerability in Ivanti Avalanche Before 6.4.3
CVE-2024-24999
IvantiAvlanche8.8HIGH
Arbitrary Command Execution Vulnerability in Ivanti Avalanche Before 6.4.3
CVE-2024-24997
IvantiAvalanche8.8HIGH
Ivanti Avalanche Null Pointer Dereference Vulnerability Could Lead to Denial of Service Attacks
CVE-2024-24991
IvantiAvalanche6.5MEDIUM
Ivanti Avalanche Null Pointer Dereference Vulnerability Could Lead to Denial of Service Attacks
CVE-2024-27978
IvantiAvalanche6.5MEDIUM
Arbitrary Command Execution Vulnerability in Ivanti Avalanche Before 6.4.3
CVE-2024-24994
IvantiAvalanche8.8HIGH
Heap Overflow Vulnerability in Ivanti Avalanche Could Lead to Arbitrary Command Execution
CVE-2024-24996
IvantiAvalanche9.8CRITICAL
Unrestricted File-upload Vulnerability in Ivanti Avalanche Could Lead to System Execution
CVE-2024-23534
IvantiAvalanche8.8HIGH
Out-of-Bounds Read Vulnerability in Ivanti Avalanche Could Lead to Sensitive Information Disclosure
CVE-2024-23533
IvantiAvalanche4.3MEDIUM
Integer Overflow Vulnerability in WLInfoRailService Could Lead to Denial of Service and Memory Reading
CVE-2024-23531
IvantiAvalanche7.5HIGH
Unauthenticated Remote Attacker Can Read Sensitive Information in Memory via Out-of-Bounds Read Vulnerability in Ivanti Avalanche Before 6.4.3
CVE-2024-23530
IvantiAvalanche5.3MEDIUM
Arbitrary Command Execution Vulnerability in Ivanti Avalanche Before 6.4.3
CVE-2024-27976
IvantiAvalanche8.8HIGH
Heap Overflow Vulnerability in Ivanti Avalanche Before 6.4.3
CVE-2024-29204
IvantiAvalanche👾9.8CRITICAL
Use-after-free vulnerability in Ivanti Avalanche before 6.4.3 allows remote attacker to execute arbitrary commands as SYSTEM
CVE-2024-27975
IvantiAvalanche8.8HIGH
Avalanche Path Traversal Vulnerability Allows File Deletion and DoS
CVE-2024-27984
IvantiAvalanche7.1HIGH
April 4
Ivanti Connect Secure Suffers from Heap Overflow Vulnerability, Leading to DoS Attacks
CVE-2024-21894
IvantiConnect Secure👾9.8CRITICAL
Heap Overflow Vulnerability in Ivanti Connect Secure Allows for DoS Attacks and Memory Reads
CVE-2024-22053
IvantiConnect Secure8.2HIGH
Ivanti Connect Secure Vulnerability Could Lead to DoS Attacks
CVE-2024-22052
IvantiConnect Secure7.5HIGH
Ivanti Connect Secure XML Entity Expansion Vulnerability Could Lead to Limited-Time DoS
CVE-2024-22023
IvantiConnect Secure5.3MEDIUM
March 31
File Upload Vulnerability in Ivanti ITSM Before 2023.4 Allows Remote File Writes and Command Execution
CVE-2023-46808
IvantiItsm9.9CRITICAL
Unauthenticated Command Injection Vulnerability in Ivanti Sentry
CVE-2023-41724
IvantiSentry8.8HIGH
February 13
Ivanti Connect Secure XML External Entity Vulnerability
CVE-2024-22024
IvantiICS🔥😄👾8.3HIGH
January 31
Server-Side Request Forgery Vulnerability in Ivanti Connect Secure
CVE-2024-21893
IvantiICS🔥😄👾8.2HIGH
Privilege Escalation Vulnerability Affects Ivanti Connect Secure and Policy Secure
CVE-2024-21888
IvantiICS👾8.8HIGH
January 25
Remote Directory Traversal Vulnerability in Ivanti Avalanche 6.3.4.153
CVE-2023-41474
IvantiAvalanche👾6.5MEDIUM
January 12
Ivanti Connect Secure Command Injection Vulnerability
CVE-2024-21887
IvantiICS😄👾9.1CRITICAL
Remote Authentication Bypass Vulnerability Affects Ivanti ICS and Policy Secure
CVE-2023-46805
IvantiICS🔥😄👾8.2HIGH
January 9
Unspecified SQL Injection Vulnerability Affects Ivanti Endpoint Manager Prior to 2022 SU 5
CVE-2023-39336
IvantiEndpoint Manager8.8HIGH
December 19
CVE-2023-46266
IvantiAvalanche7.3HIGH
CVE-2023-46223
IvantiAvalanche9.8CRITICAL