Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ivanti vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-35084
Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an malicious user to execute commands remotely.
Ivanti Endpoint Manager 2022
Ivanti Endpoint Manager
9.8
CVSSv3
CVE-2023-28323
A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or...
Ivanti Endpoint Manager 2022
Ivanti Endpoint Manager
7.5
CVSSv3
CVE-2023-38343
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager prior to 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Re...
Ivanti Endpoint Manager 2022
Ivanti Endpoint Manager
7.5
CVSSv3
CVE-2018-6316
Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and previous versions allows an authenticated user with low privileges and access to the local network to bypass application whitelisting when using the Application Control module on Ivan...
Ivanti Endpoint Security 8.5
Ivanti Endpoint Security
6.7
CVSSv3
CVE-2022-30121
The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system.
Ivanti Endpoint Manager 2021.1.1
Ivanti Endpoint Manager
8.8
CVSSv3
CVE-2023-39336
An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released before 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may ...
Ivanti Endpoint Manager 2022
Ivanti Endpoint Manager
10
CVSSv3
CVE-2021-22893
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code ex...
Ivanti Connect Secure 9.1
Ivanti Connect Secure 9.0
9 Github repositories
6 Articles
6.1
CVSSv3
CVE-2019-11507
In Pulse Secure Pulse Connect Secure (PCS) 8.3.x prior to 8.3R7.1 and 9.0.x prior to 9.0R3, an XSS issue has been found on the Application Launcher page.
Ivanti Connect Secure 9.0
Ivanti Connect Secure 8.3
9.9
CVSSv3
CVE-2020-13774
An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated malicious user to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and in...
Ivanti Endpoint Manager 2019.1
Ivanti Endpoint Manager 2020.1
5.3
CVSSv3
CVE-2018-20811
A hidden RPC service issue was found with Pulse Secure Pulse Connect Secure 8.3RX prior to 8.3R2 and 8.1RX prior to 8.1R12.
Ivanti Connect Secure 8.1
Ivanti Connect Secure 8.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »