Filtered by vendor Ivanti
Subscriptions
Total
206 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-35078 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-06-27 | 9.8 Critical |
| An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | ||||
| CVE-2023-38035 | 1 Ivanti | 1 Mobileiron Sentry | 2024-06-27 | 9.8 Critical |
| A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. | ||||
| CVE-2024-22023 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-06-20 | 5.3 Medium |
| An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS. | ||||
| CVE-2024-22053 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-06-20 | 8.2 High |
| A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory. | ||||
| CVE-2024-21894 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-06-20 | 9.8 Critical |
| A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code | ||||
| CVE-2023-38543 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2024-06-14 | 7.8 High |
| A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine. | ||||
| CVE-2024-21887 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-06-10 | 9.1 Critical |
| A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. | ||||
| CVE-2023-46805 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-06-10 | 8.2 High |
| An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. | ||||
| CVE-2024-21893 | 1 Ivanti | 3 Connect Secure, Neurons For Zero-trust Access, Policy Secure | 2024-06-04 | 8.2 High |
| A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. | ||||
| CVE-2021-44529 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2024-06-04 | 9.8 Critical |
| A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). | ||||
| CVE-2024-22026 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-05-23 | 6.7 Medium |
| A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance. | ||||
| CVE-2024-22052 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-04-08 | 7.5 High |
| A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack | ||||
| CVE-2023-46808 | 1 Ivanti | 1 Neurons For Itsm | 2024-04-01 | 9.9 Critical |
| An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user. | ||||
| CVE-2023-41724 | 1 Ivanti | 1 Standalone Sentry | 2024-04-01 | 8.8 High |
| A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network. | ||||
| CVE-2023-41720 | 1 Ivanti | 1 Connect Secure | 2024-03-26 | 7.8 High |
| A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated execution privileges on the affected system. | ||||
| CVE-2023-41719 | 1 Ivanti | 1 Connect Secure | 2024-03-26 | 7.2 High |
| A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution. | ||||
| CVE-2023-39340 | 1 Ivanti | 1 Connect Secure | 2024-03-26 | 7.5 High |
| A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance. | ||||
| CVE-2019-11213 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Pulse Connect Secure, Pulse Secure Desktop Client | 2024-02-27 | N/A |
| In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. (The endpoint would need to be already compromised for exploitation to succeed.) This affects Pulse Desktop Client 5.x before Secure Desktop 5.3R7 and Pulse Desktop Client 9.x before Secure Desktop 9.0R3. It also affects (for Network Connect customers) Pulse Connect Secure 8.1 before 8.1R14, 8.3 before 8.3R7, and 9.0 before 9.0R3. | ||||
| CVE-2018-20814 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Policy Secure | 2024-02-27 | N/A |
| An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX. | ||||
| CVE-2016-4791 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-02-27 | N/A |
| The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors. | ||||