ivanti

496 tracked vulnerabilities.

CVE-2024-38652 CRITICAL
Ivanti Avalanche 6.3.1 - Path Traversal
Aug 14, 2024
CVSS 9.1
EPSS 0.07
CVE-2024-37399 HIGH
Ivanti Avalanche 6.3.1 - Unauthenticated Denial of Service via NULL Pointer Dereference
Aug 14, 2024
CVSS 7.5
EPSS 0.45
CVE-2024-37373 HIGH
Ivanti Avalanche 6.3.1 - Authenticated Remote Code Execution via Central Filestore Input Validation
Aug 14, 2024
CVSS 7.2
EPSS 0.03
CVE-2024-36136 HIGH
Ivanti Avalanche 6.3.1 - Unauthenticated Denial of Service via WLInfoRailService Off-by-one Error
Aug 14, 2024
CVSS 7.5
EPSS 0.06
CVE-2024-7593 CRITICAL KEVNUCLEI
Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)
Aug 13, 2024
CVSS 9.8
EPSS 0.94
CVE-2024-7570 HIGH
Ivanti Neurons for ITSM 2023.4 and earlier - Improper Certificate Validation
Aug 13, 2024
CVSS 8.3
EPSS 0.02
CVE-2024-7569 CRITICAL
Ivanti Neurons for ITSM 2023.4 and earlier - Unauthenticated Information Disclosure via Debug OIDC Client Secret
Aug 13, 2024
CVSS 9.6
EPSS 0.07
CVE-2024-37403 MEDIUM
Ivanti Docs@Work < 2.26.0 - Path Traversal via Improper File Name Sanitization
Aug 07, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-36132 HIGH
Ivanti Endpoint Manager Mobile < 12.1.0.1 - Authentication Bypass
Aug 07, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-36131 HIGH
Ivanti Endpoint Manager Mobile < 12.1.0.1 - Authenticated Remote Code Execution via Insecure Deserialization
Aug 07, 2024
CVSS 8.8
EPSS 0.03
CVE-2024-36130 CRITICAL
EPMM <12.1.0.1 - Privilege Escalation
Aug 07, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-34788 MEDIUM
Ivanti Endpoint Manager Mobile < 12.1.0.1 - Improper Authentication in Web Component
Aug 07, 2024
CVSS 6.5
EPSS 0.08
CVE-2024-37381 HIGH
Ivanti Endpoint Manager 2024 - Authenticated SQL Injection
Jul 29, 2024
CVSS 8.0
EPSS 0.00
CVE-2024-29848 HIGH
Ivanti Avalanche <6.4.x - Command Injection
May 31, 2024
CVSS 7.2
EPSS 0.31
CVE-2024-29846 HIGH
Ivanti EPM <2022 SU5 - SQL Injection
May 31, 2024
CVSS 8.0
EPSS 0.00
CVE-2024-29830 HIGH
Ivanti EPM <2022 SU5 - Authenticated SQL Injection
May 31, 2024
CVSS 8.0
EPSS 0.00
CVE-2024-29829 HIGH
Ivanti EPM <2022 SU5 - Authenticated SQL Injection
May 31, 2024
CVSS 8.0
EPSS 0.00
CVE-2024-29828 HIGH
Ivanti EPM <2022 SU5 - SQL Injection
May 31, 2024
CVSS 8.0
EPSS 0.00
CVE-2024-29827 HIGH
Ivanti EPM <2022 SU5 - SQL Injection
May 31, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-29826 HIGH
Ivanti EPM <2022 SU5 - SQL Injection
May 31, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-29825 HIGH
Ivanti EPM <2022 SU5 - SQL Injection
May 31, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-29824 HIGH KEVNUCLEI
Ivanti EPM RecordGoodApp SQLi RCE
May 31, 2024
CVSS 8.8
EPSS 0.94
CVE-2024-29823 HIGH
Ivanti EPM <2022 SU5 - SQL Injection
May 31, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-29822 HIGH
Ivanti EPM <2022 SU5 - SQL Injection
May 31, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-22060 MEDIUM
Ivanti Neurons for ITSM - File Upload
May 31, 2024
CVSS 4.9
EPSS 0.05
Products
connect_secure 130 avalanche 117 endpoint_manager 116 policy_secure 77 endpoint_manager_mobile 28 workspace_control 22 secure_access_client 20 zero_trust_access_gateway 17 neurons_for_secure_access 15 cloud_services_appliance 7 Endpoint Manager Mobile 6 desktop_\&_server_management 6 landesk_management_suite 6 neurons_for_itsm 6 endpoint_manager_cloud_services_appliance 5 neurons_for_zero-trust_access 5 Endpoint Manager 3 Secure Access Client 3 incapptic_connect 3 security_controls 3 Connect Secure 2 Neurons for ITSM (Cloud) 2 Neurons for ITSM (On-Premise) 2 application_control 2 automation 2 mobileiron 2 standalone_sentry 2 virtual_traffic_manager 2 LANDesk Management Suite 1 Policy Secure 1
Quick Filters
Critical CVEs With Exploits In CISA KEV