ivanti

496 tracked vulnerabilities.

CVE-2023-41720 HIGH
Ivanti Connect Secure <22.6R2 - Privilege Escalation
Dec 14, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-41719 HIGH
Ivanti Connect Secure < 22.6R2 - Remote Code Execution via Administrator Impersonation
Dec 14, 2023
CVSS 7.2
EPSS 0.03
CVE-2023-41718 HIGH
Ivanti Secure Access Client - Privilege Escalation via Unauthorized File Control
Nov 15, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-39337 CRITICAL
Ivanti Endpoint Manager Mobile < 11.9.0 - Sensitive Information Exposure via Device Identifier
Nov 15, 2023
CVSS 9.1
EPSS 0.02
CVE-2023-39335 CRITICAL
Ivanti Endpoint Manager Mobile < 11.9.0 - Unauthenticated User Impersonation during Device Enrollment
Nov 15, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-38544 MEDIUM
Ivanti Secure Access Client - Unauthorized Configuration Modification
Nov 15, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-38543 HIGH
Ivanti Secure Access Client <22.6R1.1 - DoS
Nov 15, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-38043 HIGH
Ivanti Secure Access Client < 22.6R1.1 - Authenticated Denial of Service via Vulnerable Configuration
Nov 15, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-35080 HIGH
Ivanti Secure Access Client < 22.6 - Incorrect Default Permissions
Nov 15, 2023
CVSS 7.8
EPSS 0.01
CVE-2023-41726 HIGH
Ivanti Avalanche < 6.4.1.236 - Local Privilege Escalation via Incorrect Default Permissions
Nov 03, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-41725 HIGH
Ivanti Avalanche < 6.4.1.236 - Unrestricted File Upload and Local Privilege Escalation
Nov 03, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-38041 HIGH
Ivanti Secure Access Client < 22.6 - Authenticated Privilege Escalation via TOCTOU Race Condition
Oct 25, 2023
CVSS 7.0
EPSS 0.00
CVE-2023-35084 CRITICAL
Ivanti Endpoint Manager < 2022 su3 - Remote Code Execution via Unsafe Deserialization
Oct 18, 2023
CVSS 9.8
EPSS 0.05
CVE-2023-35083 MEDIUM
Endpoint Manager <SU3 - Info Disclosure
Oct 18, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-38344 MEDIUM
Ivanti Endpoint Manager <2022 SU4 - Info Disclosure
Sep 21, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-38343 HIGH
Ivanti Endpoint Manager <2022 SU4 - XSS
Sep 21, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-38035 CRITICAL KEVNUCLEI
Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035)
Aug 21, 2023
CVSS 9.8
EPSS 0.94
CVE-2023-35082 CRITICAL KEVNUCLEI
Ivanti Endpoint Manager Mobile < 11.11.0 - Unauthenticated Authentication Bypass
Aug 15, 2023
CVSS 9.8
EPSS 0.94
CVE-2023-32565 CRITICAL
Ivanti Avalanche < 6.4.1 - Information Disclosure and Denial of Service
Aug 10, 2023
CVSS 9.1
EPSS 0.01
CVE-2023-32564 CRITICAL
Ivanti Avalanche < 6.4.1 - Unrestricted Upload of File with Dangerous Type
Aug 10, 2023
CVSS 9.8
EPSS 0.50
CVE-2023-32563 CRITICAL NUCLEI
Ivanti Avalanche < 6.4.1 - Unauthenticated Remote Code Execution via RemoteControl Server
Aug 10, 2023
CVSS 9.8
EPSS 0.93
CVE-2023-32562 CRITICAL
Ivanti Avalanche < 6.4.1 - Remote Code Execution via Unrestricted File Upload
Aug 10, 2023
CVSS 9.8
EPSS 0.50
CVE-2023-32561 HIGH
Ivanti Avalanche < 6.4.1 - Exposure of Sensitive Information Leading to Authentication Bypass
Aug 10, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-32560 CRITICAL
Ivanti Avalanche < 6.4.1 - Remote Code Execution via Crafted Message
Aug 10, 2023
CVSS 9.8
EPSS 0.92
CVE-2023-28129 HIGH
DSM <2022.2 SU2 - Command Injection
Aug 10, 2023
CVSS 7.8
EPSS 0.01
Products
connect_secure 130 avalanche 117 endpoint_manager 116 policy_secure 77 endpoint_manager_mobile 28 workspace_control 22 secure_access_client 20 zero_trust_access_gateway 17 neurons_for_secure_access 15 cloud_services_appliance 7 Endpoint Manager Mobile 6 desktop_\&_server_management 6 landesk_management_suite 6 neurons_for_itsm 6 endpoint_manager_cloud_services_appliance 5 neurons_for_zero-trust_access 5 Endpoint Manager 3 Secure Access Client 3 incapptic_connect 3 security_controls 3 Connect Secure 2 Neurons for ITSM (Cloud) 2 Neurons for ITSM (On-Premise) 2 application_control 2 automation 2 mobileiron 2 standalone_sentry 2 virtual_traffic_manager 2 LANDesk Management Suite 1 Policy Secure 1
Quick Filters
Critical CVEs With Exploits In CISA KEV