Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ivanti vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-22908
A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default.
Pulsesecure Pulse Connect Secure 9.0rx
Ivanti Connect Secure 9.1
Ivanti Connect Secure 9.0
9.8
CVSSv3
CVE-2021-44529
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
Ivanti Endpoint Manager Cloud Services Appliance
Ivanti Endpoint Manager Cloud Services Appliance 4.6
1 Metasploit module
2 Github repositories
7.2
CVSSv3
CVE-2021-3540
By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.
Ivanti Mobileiron
9.8
CVSSv3
CVE-2023-32563
An unauthenticated attacker could achieve the code execution through a RemoteControl server.
Ivanti Avalanche
1 Github repository
9.1
CVSSv3
CVE-2023-32565
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
Ivanti Avalanche
9.8
CVSSv3
CVE-2023-32567
Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236
Ivanti Avalanche
7.5
CVSSv3
CVE-2023-35077
An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or above.
Ivanti Endpoint Manager
9.1
CVSSv3
CVE-2021-22962
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
Ivanti Avalanche
9.8
CVSSv3
CVE-2023-46223
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
Ivanti Avalanche
7.8
CVSSv3
CVE-2023-41725
Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability
Ivanti Avalanche
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »