ivanti
500 tracked vulnerabilities.
CVE-2023-46217
CRITICAL
Mobile Device Server - Memory Corruption/DoS
Dec 19, 2023
CVSS 9.8
EPSS 0.36
CVE-2023-46216
CRITICAL
Mobile Device Server - Memory Corruption
Dec 19, 2023
CVSS 9.8
EPSS 0.36
CVE-2023-41727
CRITICAL
Ivanti Avalanche < 6.4.2 - Memory Corruption via Crafted Data Packets
Dec 19, 2023
CVSS 9.8
EPSS 0.36
CVE-2023-39340
HIGH
Ivanti Connect Secure < 22.6R2 - Denial of Service
Dec 16, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-41720
HIGH
Ivanti Connect Secure <22.6R2 - Privilege Escalation
Dec 14, 2023
CVSS 7.8
EPSS 0.01
CVE-2023-41719
HIGH
Ivanti Connect Secure < 22.6R2 - Remote Code Execution via Administrator Impersonation
Dec 14, 2023
CVSS 7.2
EPSS 0.03
CVE-2023-41718
HIGH
Ivanti Secure Access Client - Privilege Escalation via Unauthorized File Control
Nov 15, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-39337
CRITICAL
Ivanti Endpoint Manager Mobile < 11.9.0 - Sensitive Information Exposure via Device Identifier
Nov 15, 2023
CVSS 9.1
EPSS 0.02
CVE-2023-39335
CRITICAL
Ivanti Endpoint Manager Mobile < 11.9.0 - Unauthenticated User Impersonation during Device Enrollment
Nov 15, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-38544
MEDIUM
Ivanti Secure Access Client - Unauthorized Configuration Modification
Nov 15, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-38543
HIGH
Ivanti Secure Access Client <22.6R1.1 - DoS
Nov 15, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-38043
HIGH
Ivanti Secure Access Client < 22.6R1.1 - Authenticated Denial of Service via Vulnerable Configuration
Nov 15, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-35080
HIGH
Ivanti Secure Access Client < 22.6 - Incorrect Default Permissions
Nov 15, 2023
CVSS 7.8
EPSS 0.01
CVE-2023-41726
HIGH
Ivanti Avalanche < 6.4.1.236 - Local Privilege Escalation via Incorrect Default Permissions
Nov 03, 2023
CVSS 7.8
EPSS 0.01
CVE-2023-41725
HIGH
Ivanti Avalanche < 6.4.1.236 - Unrestricted File Upload and Local Privilege Escalation
Nov 03, 2023
CVSS 7.8
EPSS 0.01
CVE-2023-38041
HIGH
Ivanti Secure Access Client < 22.6 - Authenticated Privilege Escalation via TOCTOU Race Condition
Oct 25, 2023
CVSS 7.0
EPSS 0.01
CVE-2023-35084
CRITICAL
Ivanti Endpoint Manager < 2022 su3 - Remote Code Execution via Unsafe Deserialization
Oct 18, 2023
CVSS 9.8
EPSS 0.03
CVE-2023-35083
MEDIUM
Endpoint Manager <SU3 - Info Disclosure
Oct 18, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-38344
MEDIUM
Ivanti Endpoint Manager <2022 SU4 - Info Disclosure
Sep 21, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-38343
HIGH
Ivanti Endpoint Manager <2022 SU4 - XSS
Sep 21, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-38035
CRITICAL
KEVNUCLEI
Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035)
Aug 21, 2023
CVSS 9.8
EPSS 1.00
CVE-2023-35082
CRITICAL
KEVNUCLEI
Ivanti Endpoint Manager Mobile < 11.11.0 - Unauthenticated Authentication Bypass
Aug 15, 2023
CVSS 9.8
EPSS 1.00
CVE-2023-32565
CRITICAL
Ivanti Avalanche < 6.4.1 - Information Disclosure and Denial of Service
Aug 10, 2023
CVSS 9.1
EPSS 0.02
CVE-2023-32564
CRITICAL
Ivanti Avalanche < 6.4.1 - Unrestricted Upload of File with Dangerous Type
Aug 10, 2023
CVSS 9.8
EPSS 0.37
CVE-2023-32563
CRITICAL
NUCLEI
Ivanti Avalanche < 6.4.1 - Unauthenticated Remote Code Execution via RemoteControl Server
Aug 10, 2023
CVSS 9.8
EPSS 0.90
Products
connect_secure 130
avalanche 117
endpoint_manager 116
policy_secure 77
endpoint_manager_mobile 28
workspace_control 22
secure_access_client 21
zero_trust_access_gateway 17
neurons_for_secure_access 15
Endpoint Manager Mobile 7
cloud_services_appliance 7
desktop_\&_server_management 6
landesk_management_suite 6
neurons_for_itsm 6
endpoint_manager_cloud_services_appliance 5
neurons_for_zero-trust_access 5
standalone_sentry 4
Endpoint Manager 3
Neurons for ITSM (Cloud) 3
Secure Access Client 3
Sentry 3
incapptic_connect 3
security_controls 3
Connect Secure 2
Neurons for ITSM (On-Premise) 2
application_control 2
automation 2
mobileiron 2
virtual_traffic_manager 2
LANDesk Management Suite 1
Quick Filters