ivanti

500 tracked vulnerabilities.

CVE-2023-32562 CRITICAL
Ivanti Avalanche < 6.4.1 - Remote Code Execution via Unrestricted File Upload
Aug 10, 2023
CVSS 9.8
EPSS 0.38
CVE-2023-32561 HIGH
Ivanti Avalanche < 6.4.1 - Exposure of Sensitive Information Leading to Authentication Bypass
Aug 10, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-32560 CRITICAL
Ivanti Avalanche < 6.4.1 - Remote Code Execution via Crafted Message
Aug 10, 2023
CVSS 9.8
EPSS 0.99
CVE-2023-28129 HIGH
DSM <2022.2 SU2 - Command Injection
Aug 10, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-32567 CRITICAL
Ivanti Avalanche < 6.4.1 - XML External Entity Injection in decodeToMap
Aug 10, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-32566 CRITICAL
Ivanti Avalanche < 6.4.1 - Sensitive Data Leakage and Denial of Service
Aug 10, 2023
CVSS 9.1
EPSS 0.02
CVE-2023-35081 HIGH KEV
Ivanti EPMM 11.8.0-11.8.1.1, 11.9.0-11.9.1.1, 11.10.0-11.10.0.2 - Authenticated Arbitrary File Write via Path Traversal
Aug 03, 2023
CVSS 7.2
EPSS 0.63
CVE-2023-35078 CRITICAL KEVNUCLEI
Ivanti Endpoint Manager Mobile < 11.8.1.1 - Unauthenticated Authentication Bypass
Jul 25, 2023
CVSS 9.8
EPSS 1.00
CVE-2023-35077 HIGH
Ivanti Endpoint Manager < 7.9.1.285 - Out-of-bounds Write
Jul 21, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-28324 CRITICAL
Ivanti Endpoint Manager < 2022 - Privilege Escalation or Remote Code Execution
Jul 01, 2023
CVSS 9.8
EPSS 0.13
CVE-2023-28323 CRITICAL
Ivanti Endpoint Manager < 2022 Su3 - Unauthenticated Deserialization of Untrusted Data
Jul 01, 2023
CVSS 9.8
EPSS 0.03
CVE-2023-28128 HIGH
Ivanti Avalanche < 6.3.4.153 - Unrestricted Upload of File with Dangerous Type
May 09, 2023
CVSS 7.2
EPSS 0.85
CVE-2023-28127 HIGH
Ivanti Avalanche < 6.3.4.153 - Path Traversal and Information Disclosure via getLogFile
May 09, 2023
CVSS 7.5
EPSS 0.59
CVE-2023-28126 MEDIUM
Ivanti Avalanche < 6.3.4.153 - Authentication Bypass via SetUser Method or Race Condition
May 09, 2023
CVSS 5.9
EPSS 0.67
CVE-2023-28125 MEDIUM
Ivanti Avalanche < 6.3.4.153 - Authentication Bypass via Message Registration
May 09, 2023
CVSS 5.9
EPSS 0.02
CVE-2022-44569 HIGH
Ivanti Automation < 2023.4 - Authenticated Authentication Bypass via Insecure IPC
Nov 03, 2023
CVSS 7.8
EPSS 0.01
CVE-2022-43555 HIGH
Ivanti Avalanche Printer Device Service - Privilege Escalation
Nov 03, 2023
CVSS 7.8
EPSS 0.00
CVE-2022-43554 HIGH
Ivanti Avalanche Smart Device Service - Privilege Escalation
Nov 03, 2023
CVSS 7.8
EPSS 0.00
CVE-2022-36983 CRITICAL
Ivanti Avalanche 6.3.3.101-6.3.4 - Unauthenticated Authentication Bypass via SetSettings Class
Mar 29, 2023
CVSS 9.8
EPSS 0.05
CVE-2022-36982 HIGH
Ivanti Avalanche 6.3.3.101-6.3.3.102 - Unauthenticated Path Traversal in AgentTaskHandler
Mar 29, 2023
CVSS 7.5
EPSS 0.74
CVE-2022-36981 CRITICAL
Ivanti Avalanche 6.3.3.101-6.3.4 - Remote Code Execution via Path Traversal in DeviceLogResource
Mar 29, 2023
CVSS 9.8
EPSS 0.83
CVE-2022-36980 HIGH
Ivanti Avalanche 6.3.2.3490-6.3.4 - Authentication Bypass via Race Condition in EnterpriseServer Service
Mar 29, 2023
CVSS 8.1
EPSS 0.83
CVE-2022-36979 CRITICAL
Ivanti Avalanche 6.3.2.3490-<6.3.4 - Authenticated SQL Injection via AvalancheDaoSupport Class
Mar 29, 2023
CVSS 9.8
EPSS 0.07
CVE-2022-36978 CRITICAL
Ivanti Avalanche 6.3.2.3490-6.3.4 - Remote Code Execution via Untrusted Data Deserialization
Mar 29, 2023
CVSS 9.8
EPSS 0.07
CVE-2022-36977 CRITICAL
Ivanti Avalanche 6.3.2.3490-<6.3.4 - Remote Code Execution via Certificate Management Server Deserialization
Mar 29, 2023
CVSS 9.8
EPSS 0.07