ivanti
500 tracked vulnerabilities.
CVE-2023-32562
CRITICAL
Ivanti Avalanche < 6.4.1 - Remote Code Execution via Unrestricted File Upload
Aug 10, 2023
CVSS 9.8
EPSS 0.38
CVE-2023-32561
HIGH
Ivanti Avalanche < 6.4.1 - Exposure of Sensitive Information Leading to Authentication Bypass
Aug 10, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-32560
CRITICAL
Ivanti Avalanche < 6.4.1 - Remote Code Execution via Crafted Message
Aug 10, 2023
CVSS 9.8
EPSS 0.99
CVE-2023-28129
HIGH
DSM <2022.2 SU2 - Command Injection
Aug 10, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-32567
CRITICAL
Ivanti Avalanche < 6.4.1 - XML External Entity Injection in decodeToMap
Aug 10, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-32566
CRITICAL
Ivanti Avalanche < 6.4.1 - Sensitive Data Leakage and Denial of Service
Aug 10, 2023
CVSS 9.1
EPSS 0.02
CVE-2023-35081
HIGH
KEV
Ivanti EPMM 11.8.0-11.8.1.1, 11.9.0-11.9.1.1, 11.10.0-11.10.0.2 - Authenticated Arbitrary File Write via Path Traversal
Aug 03, 2023
CVSS 7.2
EPSS 0.63
CVE-2023-35078
CRITICAL
KEVNUCLEI
Ivanti Endpoint Manager Mobile < 11.8.1.1 - Unauthenticated Authentication Bypass
Jul 25, 2023
CVSS 9.8
EPSS 1.00
CVE-2023-35077
HIGH
Ivanti Endpoint Manager < 7.9.1.285 - Out-of-bounds Write
Jul 21, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-28324
CRITICAL
Ivanti Endpoint Manager < 2022 - Privilege Escalation or Remote Code Execution
Jul 01, 2023
CVSS 9.8
EPSS 0.13
CVE-2023-28323
CRITICAL
Ivanti Endpoint Manager < 2022 Su3 - Unauthenticated Deserialization of Untrusted Data
Jul 01, 2023
CVSS 9.8
EPSS 0.03
CVE-2023-28128
HIGH
Ivanti Avalanche < 6.3.4.153 - Unrestricted Upload of File with Dangerous Type
May 09, 2023
CVSS 7.2
EPSS 0.85
CVE-2023-28127
HIGH
Ivanti Avalanche < 6.3.4.153 - Path Traversal and Information Disclosure via getLogFile
May 09, 2023
CVSS 7.5
EPSS 0.59
CVE-2023-28126
MEDIUM
Ivanti Avalanche < 6.3.4.153 - Authentication Bypass via SetUser Method or Race Condition
May 09, 2023
CVSS 5.9
EPSS 0.67
CVE-2023-28125
MEDIUM
Ivanti Avalanche < 6.3.4.153 - Authentication Bypass via Message Registration
May 09, 2023
CVSS 5.9
EPSS 0.02
CVE-2022-44569
HIGH
Ivanti Automation < 2023.4 - Authenticated Authentication Bypass via Insecure IPC
Nov 03, 2023
CVSS 7.8
EPSS 0.01
CVE-2022-43555
HIGH
Ivanti Avalanche Printer Device Service - Privilege Escalation
Nov 03, 2023
CVSS 7.8
EPSS 0.00
CVE-2022-43554
HIGH
Ivanti Avalanche Smart Device Service - Privilege Escalation
Nov 03, 2023
CVSS 7.8
EPSS 0.00
CVE-2022-36983
CRITICAL
Ivanti Avalanche 6.3.3.101-6.3.4 - Unauthenticated Authentication Bypass via SetSettings Class
Mar 29, 2023
CVSS 9.8
EPSS 0.05
CVE-2022-36982
HIGH
Ivanti Avalanche 6.3.3.101-6.3.3.102 - Unauthenticated Path Traversal in AgentTaskHandler
Mar 29, 2023
CVSS 7.5
EPSS 0.74
CVE-2022-36981
CRITICAL
Ivanti Avalanche 6.3.3.101-6.3.4 - Remote Code Execution via Path Traversal in DeviceLogResource
Mar 29, 2023
CVSS 9.8
EPSS 0.83
CVE-2022-36980
HIGH
Ivanti Avalanche 6.3.2.3490-6.3.4 - Authentication Bypass via Race Condition in EnterpriseServer Service
Mar 29, 2023
CVSS 8.1
EPSS 0.83
CVE-2022-36979
CRITICAL
Ivanti Avalanche 6.3.2.3490-<6.3.4 - Authenticated SQL Injection via AvalancheDaoSupport Class
Mar 29, 2023
CVSS 9.8
EPSS 0.07
CVE-2022-36978
CRITICAL
Ivanti Avalanche 6.3.2.3490-6.3.4 - Remote Code Execution via Untrusted Data Deserialization
Mar 29, 2023
CVSS 9.8
EPSS 0.07
CVE-2022-36977
CRITICAL
Ivanti Avalanche 6.3.2.3490-<6.3.4 - Remote Code Execution via Certificate Management Server Deserialization
Mar 29, 2023
CVSS 9.8
EPSS 0.07
Products
connect_secure 130
avalanche 117
endpoint_manager 116
policy_secure 77
endpoint_manager_mobile 28
workspace_control 22
secure_access_client 21
zero_trust_access_gateway 17
neurons_for_secure_access 15
Endpoint Manager Mobile 7
cloud_services_appliance 7
desktop_\&_server_management 6
landesk_management_suite 6
neurons_for_itsm 6
endpoint_manager_cloud_services_appliance 5
neurons_for_zero-trust_access 5
standalone_sentry 4
Endpoint Manager 3
Neurons for ITSM (Cloud) 3
Secure Access Client 3
Sentry 3
incapptic_connect 3
security_controls 3
Connect Secure 2
Neurons for ITSM (On-Premise) 2
application_control 2
automation 2
mobileiron 2
virtual_traffic_manager 2
LANDesk Management Suite 1
Quick Filters