ivanti
500 tracked vulnerabilities.
CVE-2021-42131
HIGH
Ivanti Avalanche < 6.3.3 - SQL Injection via Inforail Service
Dec 07, 2021
CVSS 8.8
EPSS 0.67
CVE-2021-42130
HIGH
Ivanti Avalanche < 6.3.3 - Remote Code Execution via Deserialization of Untrusted Data
Dec 07, 2021
CVSS 8.8
EPSS 0.62
CVE-2021-42129
HIGH
Ivanti Avalanche < 6.3.3 - Authenticated Command Injection via Inforail Service
Dec 07, 2021
CVSS 8.8
EPSS 0.77
CVE-2021-42128
CRITICAL
Ivanti Avalanche < 6.3.3 - Privilege Escalation via Enterprise Server Service
Dec 07, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-42127
CRITICAL
Ivanti Avalanche < 6.3.3 - Remote Code Execution via Data Repository Service
Dec 07, 2021
CVSS 9.8
EPSS 0.66
CVE-2021-42126
HIGH
Ivanti Avalanche < 6.3.3 - Privilege Escalation via Inforail Service
Dec 07, 2021
CVSS 8.8
EPSS 0.04
CVE-2021-42125
HIGH
Ivanti Avalanche < 6.3.3 - Unauthenticated Arbitrary File Write via Inforail Service
Dec 07, 2021
CVSS 8.8
EPSS 0.82
CVE-2021-42124
HIGH
Ivanti Avalanche < 6.3.3 - Session Takeover via Inforail Service
Dec 07, 2021
CVSS 8.8
EPSS 0.03
CVE-2021-22965
HIGH
Pulse Connect Secure <9.1R12.1 - DoS
Nov 19, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-36235
HIGH
Ivanti Workspace Control <10.6.30.0 - Privilege Escalation
Sep 01, 2021
CVSS 7.8
EPSS 0.01
CVE-2021-22938
HIGH
Pulse Connect Secure <9.1R12 - Command Injection
Aug 16, 2021
CVSS 7.2
EPSS 0.02
CVE-2021-22937
HIGH
Pulse Connect Secure <9.1R12 - Privilege Escalation
Aug 16, 2021
CVSS 7.2
EPSS 0.08
CVE-2021-22936
MEDIUM
Pulse Connect Secure < 9.1R12 - Cross-Site Scripting via Unsanitized Web Parameter
Aug 16, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-22935
HIGH
Pulse Connect Secure <9.1R12 - Command Injection
Aug 16, 2021
CVSS 7.2
EPSS 0.02
CVE-2021-22934
HIGH
Pulse Connect Secure <9.1R12 - Buffer Overflow
Aug 16, 2021
CVSS 7.2
EPSS 0.05
CVE-2021-22933
MEDIUM
Pulse Connect Secure <9.1R12 - Privilege Escalation
Aug 16, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-3540
MEDIUM
Ivanti MobileIron Core <11.1.0.0 - RCE
Jul 22, 2021
CVSS 6.5
EPSS 0.03
CVE-2021-3198
MEDIUM
Ivanti MobileIron < 10.7.0.1-9 - OS Command Injection via 'install rpm url' Command
Jul 22, 2021
CVSS 6.5
EPSS 0.03
CVE-2021-22908
HIGH
Windows File Resource Profiles <9.1R3 - RCE
May 27, 2021
CVSS 8.8
EPSS 0.69
CVE-2021-22900
HIGH
KEV
Pulse Connect Secure <9.1R11.4 - Code Injection
May 27, 2021
CVSS 7.2
EPSS 0.14
CVE-2021-22899
HIGH
KEV
Pulse Connect Secure <9.1R11.4 - Command Injection
May 27, 2021
CVSS 8.8
EPSS 0.22
CVE-2021-22894
HIGH
KEV
Pulse Connect Secure <9.1R11.4 - RCE
May 27, 2021
CVSS 8.8
EPSS 0.41
CVE-2021-22893
CRITICAL
KEV
Pulse Connect Secure >=9.0R3/9.1R1 - Auth Bypass
Apr 23, 2021
CVSS 10.0
EPSS 0.47
CVE-2020-13773
MEDIUM
Ivanti Endpoint Manager < 2020.1.1 - Cross-Site Scripting via Multiple LDMS Endpoints
Nov 16, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-13772
MEDIUM
Ivanti Endpoint Manager <2020.1.1 - Info Disclosure
Nov 16, 2020
CVSS 5.3
EPSS 0.02
Products
connect_secure 130
avalanche 117
endpoint_manager 116
policy_secure 77
endpoint_manager_mobile 28
workspace_control 22
secure_access_client 21
zero_trust_access_gateway 17
neurons_for_secure_access 15
Endpoint Manager Mobile 7
cloud_services_appliance 7
desktop_\&_server_management 6
landesk_management_suite 6
neurons_for_itsm 6
endpoint_manager_cloud_services_appliance 5
neurons_for_zero-trust_access 5
standalone_sentry 4
Endpoint Manager 3
Neurons for ITSM (Cloud) 3
Secure Access Client 3
Sentry 3
incapptic_connect 3
security_controls 3
Connect Secure 2
Neurons for ITSM (On-Premise) 2
application_control 2
automation 2
mobileiron 2
virtual_traffic_manager 2
LANDesk Management Suite 1
Quick Filters