ivanti

496 tracked vulnerabilities.

CVE-2021-42127 CRITICAL
Ivanti Avalanche < 6.3.3 - Remote Code Execution via Data Repository Service
Dec 07, 2021
CVSS 9.8
EPSS 0.54
CVE-2021-42126 HIGH
Ivanti Avalanche < 6.3.3 - Privilege Escalation via Inforail Service
Dec 07, 2021
CVSS 8.8
EPSS 0.06
CVE-2021-42125 HIGH
Ivanti Avalanche < 6.3.3 - Unauthenticated Arbitrary File Write via Inforail Service
Dec 07, 2021
CVSS 8.8
EPSS 0.65
CVE-2021-42124 HIGH
Ivanti Avalanche < 6.3.3 - Session Takeover via Inforail Service
Dec 07, 2021
CVSS 8.8
EPSS 0.04
CVE-2021-22965 HIGH
Pulse Connect Secure <9.1R12.1 - DoS
Nov 19, 2021
CVSS 7.5
EPSS 0.14
CVE-2021-36235 HIGH
Ivanti Workspace Control <10.6.30.0 - Privilege Escalation
Sep 01, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-22938 HIGH
Pulse Connect Secure <9.1R12 - Command Injection
Aug 16, 2021
CVSS 7.2
EPSS 0.04
CVE-2021-22937 HIGH
Pulse Connect Secure <9.1R12 - Privilege Escalation
Aug 16, 2021
CVSS 7.2
EPSS 0.10
CVE-2021-22936 MEDIUM
Pulse Connect Secure < 9.1R12 - Cross-Site Scripting via Unsanitized Web Parameter
Aug 16, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-22935 HIGH
Pulse Connect Secure <9.1R12 - Command Injection
Aug 16, 2021
CVSS 7.2
EPSS 0.04
CVE-2021-22934 HIGH
Pulse Connect Secure <9.1R12 - Buffer Overflow
Aug 16, 2021
CVSS 7.2
EPSS 0.05
CVE-2021-22933 MEDIUM
Pulse Connect Secure <9.1R12 - Privilege Escalation
Aug 16, 2021
CVSS 6.5
EPSS 0.06
CVE-2021-3540 MEDIUM
Ivanti MobileIron Core <11.1.0.0 - RCE
Jul 22, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-3198 MEDIUM
Ivanti MobileIron < 10.7.0.1-9 - OS Command Injection via 'install rpm url' Command
Jul 22, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-22908 HIGH
Windows File Resource Profiles <9.1R3 - RCE
May 27, 2021
CVSS 8.8
EPSS 0.23
CVE-2021-22900 HIGH KEV
Pulse Connect Secure <9.1R11.4 - Code Injection
May 27, 2021
CVSS 7.2
EPSS 0.01
CVE-2021-22899 HIGH KEV
Pulse Connect Secure <9.1R11.4 - Command Injection
May 27, 2021
CVSS 8.8
EPSS 0.16
CVE-2021-22894 HIGH KEV
Pulse Connect Secure <9.1R11.4 - RCE
May 27, 2021
CVSS 8.8
EPSS 0.25
CVE-2021-22893 CRITICAL KEV
Pulse Connect Secure >=9.0R3/9.1R1 - Auth Bypass
Apr 23, 2021
CVSS 10.0
EPSS 0.94
CVE-2020-13773 MEDIUM
Ivanti Endpoint Manager < 2020.1.1 - Cross-Site Scripting via Multiple LDMS Endpoints
Nov 16, 2020
CVSS 5.4
EPSS 0.00
CVE-2020-13772 MEDIUM
Ivanti Endpoint Manager <2020.1.1 - Info Disclosure
Nov 16, 2020
CVSS 5.3
EPSS 0.02
CVE-2020-13769 HIGH
Ivanti Endpoint Manager < 2020.1 - SQL Injection via /remotecontrolauth/api/device Request
Nov 16, 2020
CVSS 8.8
EPSS 0.06
CVE-2020-13774 CRITICAL
Ivanti Endpoint Manager 2019.1 and 2020.1 - Authenticated Remote Code Execution via ASPX File Upload
Nov 12, 2020
CVSS 9.9
EPSS 0.05
CVE-2020-13771 HIGH
Ivanti Endpoint Manager < 2020.1.1 - Uncontrolled Search Path Element via DLL Hijacking
Nov 12, 2020
CVSS 7.8
EPSS 0.00
CVE-2020-13770 HIGH
Ivanti Endpoint Manager < 2020.1.1 - Privilege Escalation via Named Pipe Token Impersonation
Nov 12, 2020
CVSS 7.8
EPSS 0.00
Products
connect_secure 130 avalanche 117 endpoint_manager 116 policy_secure 77 endpoint_manager_mobile 28 workspace_control 22 secure_access_client 20 zero_trust_access_gateway 17 neurons_for_secure_access 15 cloud_services_appliance 7 Endpoint Manager Mobile 6 desktop_\&_server_management 6 landesk_management_suite 6 neurons_for_itsm 6 endpoint_manager_cloud_services_appliance 5 neurons_for_zero-trust_access 5 Endpoint Manager 3 Secure Access Client 3 incapptic_connect 3 security_controls 3 Connect Secure 2 Neurons for ITSM (Cloud) 2 Neurons for ITSM (On-Premise) 2 application_control 2 automation 2 mobileiron 2 standalone_sentry 2 virtual_traffic_manager 2 LANDesk Management Suite 1 Policy Secure 1
Quick Filters
Critical CVEs With Exploits In CISA KEV