Filtered by vendor Ivanti
Subscribe
Total
476 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10256 | 1 Ivanti | 6 Endpoint Manager, Neurons Agent Platform, Neurons For Patch Management and 3 more | 2025-08-12 | N/A | 7.1 HIGH |
|
Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files.
|
|||||
| CVE-2024-13158 | 1 Ivanti | 1 Endpoint Manager | 2025-08-12 | N/A | 7.2 HIGH |
|
An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
|||||
| CVE-2024-8540 | 1 Ivanti | 1 Standalone Sentry | 2025-07-30 | N/A | 8.8 HIGH |
|
Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components.
|
|||||
| CVE-2023-38036 | 1 Ivanti | 1 Avalanche | 2025-07-17 | N/A | 9.8 CRITICAL |
|
A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary code execution.
|
|||||
| CVE-2023-39339 | 1 Ivanti | 1 Policy Secure | 2025-07-17 | N/A | 4.9 MEDIUM |
|
A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request.
|
|||||
| CVE-2024-38648 | 1 Ivanti | 1 Desktop \& Server Management | 2025-07-17 | N/A | 5.7 MEDIUM |
|
A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials.
|
|||||
| CVE-2025-22460 | 1 Ivanti | 1 Cloud Services Appliance | 2025-07-16 | N/A | 7.8 HIGH |
|
Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.
|
|||||
| CVE-2025-22462 | 1 Ivanti | 1 Neurons For Itsm | 2025-07-16 | N/A | 9.8 CRITICAL |
|
An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.
|
|||||
| CVE-2024-12058 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-16 | N/A | 6.8 MEDIUM |
|
External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files.
|
|||||
| CVE-2025-22454 | 1 Ivanti | 1 Secure Access Client | 2025-07-16 | N/A | 7.8 HIGH |
|
Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
|
|||||
| CVE-2024-39709 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-16 | N/A | 7.8 HIGH |
|
Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.
|
|||||
| CVE-2024-38649 | 1 Ivanti | 1 Connect Secure | 2025-07-16 | N/A | 7.5 HIGH |
|
An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service.
|
|||||
| CVE-2025-5450 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-15 | N/A | 6.3 MEDIUM |
|
Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted.
|
|||||
| CVE-2025-5451 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-15 | N/A | 4.9 MEDIUM |
|
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service.
|
|||||
| CVE-2025-5463 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-15 | N/A | 5.5 MEDIUM |
|
Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.
|
|||||
| CVE-2025-0292 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-15 | N/A | 5.5 MEDIUM |
|
SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.
|
|||||
| CVE-2025-5464 | 1 Ivanti | 1 Connect Secure | 2025-07-15 | N/A | 6.5 MEDIUM |
|
Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information.
|
|||||
| CVE-2024-11771 | 1 Ivanti | 1 Cloud Services Appliance | 2025-07-14 | N/A | 5.3 MEDIUM |
|
Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.
|
|||||
| CVE-2024-10644 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-14 | N/A | 9.1 CRITICAL |
|
Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
|||||
| CVE-2024-7572 | 1 Ivanti | 1 Desktop \& Server Management | 2025-07-11 | N/A | 7.1 HIGH |
|
Insufficient permissions in Ivanti DSM before version 2024.3.5740 allows a local authenticated attacker to delete arbitrary files.
|
|||||
| CVE-2024-10630 | 1 Ivanti | 2 Application Control, Security Controls | 2025-07-11 | N/A | 7.8 HIGH |
|
A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality.
|
|||||
| CVE-2024-13172 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.8 HIGH |
|
Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
|
|||||
| CVE-2024-13171 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.8 HIGH |
|
Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
|
|||||
| CVE-2024-13170 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.5 HIGH |
|
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
|
|||||
| CVE-2024-13169 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.8 HIGH |
|
An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.
|
|||||
| CVE-2024-13168 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.5 HIGH |
|
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
|
|||||
| CVE-2024-13164 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.8 HIGH |
|
An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.
|
|||||
| CVE-2024-13163 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.8 HIGH |
|
Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
|
|||||
| CVE-2024-13165 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.5 HIGH |
|
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
|
|||||
| CVE-2024-13166 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.5 HIGH |
|
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
|
|||||
| CVE-2024-13167 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.5 HIGH |
|
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
|
|||||
| CVE-2024-13162 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.2 HIGH |
|
SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848.
|
|||||
| CVE-2025-6770 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-07-11 | N/A | 7.2 HIGH |
|
OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution
|
|||||
| CVE-2025-6771 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-07-11 | N/A | 7.2 HIGH |
|
OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution
|
|||||
| CVE-2025-6995 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 8.4 HIGH |
|
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.
|
|||||
| CVE-2025-6996 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 8.4 HIGH |
|
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.
|
|||||
| CVE-2025-7037 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.2 HIGH |
|
SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database
|
|||||
| CVE-2024-39710 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-11 | N/A | 9.1 CRITICAL |
|
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
|||||
| CVE-2024-39711 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-11 | N/A | 9.1 CRITICAL |
|
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
|||||
| CVE-2024-39712 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-11 | N/A | 9.1 CRITICAL |
|
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
|||||