Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ivanti vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-44529
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
Ivanti Endpoint Manager Cloud Services Appliance
Ivanti Endpoint Manager Cloud Services Appliance 4.6
2 Github repositories
8.8
CVSSv3
CVE-2021-22908
A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user. As of version 9.1R3, this permission is not enabled by default.
Pulsesecure Pulse Connect Secure 9.0rx
Ivanti Connect Secure 9.1
Ivanti Connect Secure 9.0
7.8
CVSSv3
CVE-2023-41725
Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability
Ivanti Avalanche
7.2
CVSSv3
CVE-2021-3198
By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.
Ivanti Mobileiron
8.8
CVSSv3
CVE-2021-42126
An improper authorization control vulnerability exists in Ivanti Avalanche prior to 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.
Ivanti Avalanche
9.8
CVSSv3
CVE-2021-42127
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche prior to 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service.
Ivanti Avalanche
8.8
CVSSv3
CVE-2021-42131
A SQL Injection vulnerability exists in Ivanti Avalance prior to 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation.
Ivanti Avalanche
8.8
CVSSv3
CVE-2021-42129
A command injection vulnerability exists in Ivanti Avalanche prior to 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution.
Ivanti Avalanche
8.8
CVSSv3
CVE-2021-42130
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche prior to 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution.
Ivanti Avalanche
8.1
CVSSv3
CVE-2021-42133
An exposed dangerous function vulnerability exists in Ivanti Avalanche prior to 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write.
Ivanti Avalanche
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »