ivanti

500 tracked vulnerabilities.

CVE-2024-10630 HIGH
Ivanti Application Control Engine <10.14.4.0 - Privilege Escalation
Jan 14, 2025
CVSS 7.8
EPSS 0.00
CVE-2024-37401 HIGH
Ivanti Connect Secure < 22.7R2.1 - Unauthenticated Denial of Service via IPsec Out-of-bounds Read
Dec 12, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-37377 HIGH
Ivanti Connect Secure < 22.7 - Unauthenticated Denial of Service via IPsec Heap-Based Buffer Overflow
Dec 12, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-9845 HIGH
Ivanti Automation < 2024.4.0.1 - Authenticated Local Privilege Escalation via Insecure Permissions
Dec 11, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-8496 HIGH
Ivanti Workspace Control <10.18.40.0 - Privilege Escalation
Dec 11, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-11598 HIGH
Ivanti Application Control < 2023.3 - Incorrect Default Permissions
Dec 11, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-11597 HIGH
Ivanti Performance Manager < 2023.3 - Authenticated Local Privilege Escalation via Insecure Permissions
Dec 11, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-10251 HIGH
Ivanti Security Controls <2024.4.1 - Privilege Escalation
Dec 11, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-9844 HIGH
Ivanti Connect Secure <22.7R2.4 - Auth Bypass
Dec 10, 2024
CVSS 7.1
EPSS 0.01
CVE-2024-8540 HIGH
Ivanti Sentry <10.1.0 - Privilege Escalation
Dec 10, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-7572 HIGH
Ivanti Desktop and Server Management 2024.2-2024.3.5740 - Authenticated Arbitrary File Deletion
Dec 10, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-11773 CRITICAL
Ivanti Cloud Services Appliance < 5.0.3 - Authenticated SQL Injection in Admin Web Console
Dec 10, 2024
CVSS 9.1
EPSS 0.24
CVE-2024-11772 CRITICAL
Ivanti CSA <5.0.3 - Command Injection
Dec 10, 2024
CVSS 9.1
EPSS 0.08
CVE-2024-11639 CRITICAL
Ivanti Cloud Services Appliance < 5.0.3 - Unauthenticated Authentication Bypass in Admin Web Console
Dec 10, 2024
CVSS 10.0
EPSS 0.05
CVE-2024-11634 CRITICAL
Ivanti Connect/Ivanti Policy <22.7R2.3/<22.7R1.2 - Command Injection
Dec 10, 2024
CVSS 9.1
EPSS 0.02
CVE-2024-11633 CRITICAL
Ivanti Connect Secure <22.7R2.4 - Command Injection
Dec 10, 2024
CVSS 9.1
EPSS 0.02
CVE-2024-10256 HIGH
Ivanti Patch SDK <9.7.703 - Privilege Escalation
Dec 10, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-39712 CRITICAL
Ivanti Connect Secure < 22.7 and Policy Secure < 22.7 - Authenticated Remote Code Execution via Argument Injection
Nov 13, 2024
CVSS 9.1
EPSS 0.02
CVE-2024-39711 CRITICAL
Ivanti Connect Secure < 22.7R2.1, 9.1R18.7 & Policy Secure < 22.7R1.1 - Authenticated RCE via Argument Injection
Nov 13, 2024
CVSS 9.1
EPSS 0.02
CVE-2024-39710 CRITICAL
Ivanti Connect Secure < 22.7R2.1 / 9.1R18.7 & Policy Secure < 22.7R1.1 - Authenticated RCE via Argument Injection
Nov 13, 2024
CVSS 9.1
EPSS 0.02
CVE-2024-39709 HIGH
Ivanti Connect Secure and Policy Secure - Local Privilege Escalation via Incorrect File Permissions
Nov 13, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-38656 CRITICAL
Ivanti Connect Secure <22.7R2.2,9.1R18.9 - Command Injection
Nov 13, 2024
CVSS 9.1
EPSS 0.02
CVE-2024-38655 HIGH
Ivanti Connect/Ivanti Policy <22.7R2.1-9.1R18.9 - Command Injection
Nov 13, 2024
CVSS 7.2
EPSS 0.02
CVE-2024-38654 MEDIUM
Ivanti Secure Access Client <22.7R3 - DoS
Nov 13, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-38649 HIGH
Ivanti Connect Secure <22.7R2.1 - DoS
Nov 13, 2024
CVSS 7.5
EPSS 0.02