Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ivanti vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-35258
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions before 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions before 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access ...
Ivanti Policy Secure
Ivanti Connect Secure
Ivanti Connect Secure 22.1
Ivanti Connect Secure 22.2
Ivanti Connect Secure 9.1
Ivanti Connect Secure 21.9
Ivanti Connect Secure 21.12
Ivanti Neurons For Zero-trust Access 22.2
Ivanti Policy Secure 22.2
Ivanti Policy Secure 22.1
Ivanti Policy Secure 9.1
7.2
CVSSv3
CVE-2023-41719
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.
Ivanti Connect Secure 22.1
Ivanti Connect Secure 22.2
Ivanti Connect Secure 21.9
Ivanti Connect Secure 21.12
Ivanti Connect Secure 22.3
Ivanti Connect Secure 22.4
Ivanti Connect Secure 22.5
Ivanti Connect Secure 22.6
Ivanti Connect Secure 9.1
7.5
CVSSv3
CVE-2023-39340
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance.
Ivanti Connect Secure 22.1
Ivanti Connect Secure 22.2
Ivanti Connect Secure 22.5
Ivanti Connect Secure 22.4
Ivanti Connect Secure 22.3
Ivanti Connect Secure 9.1
Ivanti Connect Secure 22.6
7.8
CVSSv3
CVE-2023-41720
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the malicious user ...
Ivanti Connect Secure 22.1
Ivanti Connect Secure 22.2
Ivanti Connect Secure 22.5
Ivanti Connect Secure 22.4
Ivanti Connect Secure 22.3
Ivanti Connect Secure 22.6
8.3
CVSSv3
CVE-2024-22024
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an malicious user to access certain restricted resources without authentication.
Ivanti Connect Secure 22.5
Ivanti Connect Secure 9.1
Ivanti Connect Secure 22.4
Ivanti Policy Secure 22.5
Ivanti Zero Trust Access 22.6
2 Github repositories
6 Articles
7.7
CVSSv3
CVE-2019-11538
In Pulse Secure Pulse Connect Secure version 9.0RX prior to 9.0R3.4, 8.3RX prior to 8.3R7.1, 8.2RX prior to 8.2R12.1, and 8.1RX prior to 8.1R15.1, an NFS problem could allow an authenticated malicious user to access the contents of arbitrary files on the affected device.
Ivanti Connect Secure 9.0
Ivanti Connect Secure 8.1
Ivanti Connect Secure 8.2
Ivanti Connect Secure 8.3
7.2
CVSSv3
CVE-2019-11508
In Pulse Secure Pulse Connect Secure (PCS) prior to 8.1R15.1, 8.2 prior to 8.2R12.1, 8.3 prior to 8.3R7.1, and 9.0 prior to 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance.
Pulsesecure Pulse Connect Secure 7.4
Ivanti Connect Secure 9.0
Ivanti Connect Secure 8.1
Ivanti Connect Secure 8.2
Ivanti Connect Secure 8.3
Ivanti Connect Secure 7.1
Ivanti Connect Secure 7.4
9.8
CVSSv3
CVE-2022-27773
A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges.
Ivanti Endpoint Manager 2021.1
Ivanti Endpoint Manager
Ivanti Endpoint Manager 2022
8.8
CVSSv3
CVE-2017-11463
In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target...
Ivanti Endpoint Manager 2017.3
Ivanti Endpoint Manager 2016.4
Ivanti Endpoint Manager 2017.1
9.8
CVSSv3
CVE-2019-10651
An issue exists in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x prior to 2018.3 SU3, with remote code execution. In other words, the issue affects 2017.3, 2018.1, and 2018.3 installations that lack the April 2019 update.
Ivanti Endpoint Manager 2018.3
Ivanti Endpoint Manager 2018.1
Ivanti Endpoint Manager 2017.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »