Filtered by vendor Ivanti
Subscribe
Total
364 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32562 | 1 Ivanti | 1 Avalanche | 2025-03-06 | N/A | 9.8 CRITICAL |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1. | |||||
| CVE-2023-32561 | 1 Ivanti | 1 Avalanche | 2025-03-06 | N/A | 7.5 HIGH |
| A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1. | |||||
| CVE-2023-32560 | 1 Ivanti | 1 Avalanche | 2025-03-06 | N/A | 9.8 CRITICAL |
| An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1. | |||||
| CVE-2024-47908 | 1 Ivanti | 1 Cloud Services Appliance | 2025-02-20 | N/A | 9.1 CRITICAL |
| OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-13813 | 1 Ivanti | 1 Secure Access Client | 2025-02-20 | N/A | 7.1 HIGH |
| Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files. | |||||
| CVE-2024-13842 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-02-20 | N/A | 6.0 MEDIUM |
| A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. | |||||
| CVE-2024-13843 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-02-20 | N/A | 6.0 MEDIUM |
| Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. | |||||
| CVE-2025-22467 | 1 Ivanti | 1 Connect Secure | 2025-02-20 | N/A | 9.9 CRITICAL |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution. | |||||
| CVE-2024-13830 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-02-13 | N/A | 6.1 MEDIUM |
| Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required. | |||||
| CVE-2021-22894 | 1 Ivanti | 1 Connect Secure | 2025-02-12 | 9.0 HIGH | 8.8 HIGH |
| A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. | |||||
| CVE-2021-22899 | 1 Ivanti | 1 Connect Secure | 2025-02-12 | 6.5 MEDIUM | 8.8 HIGH |
| A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature | |||||
| CVE-2020-8260 | 1 Ivanti | 1 Connect Secure | 2025-02-12 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. | |||||
| CVE-2020-8218 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Policy Secure, Pulse Policy Secure | 2025-02-12 | 6.5 MEDIUM | 7.2 HIGH |
| A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface. | |||||
| CVE-2020-8243 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-02-12 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution. | |||||
| CVE-2024-21887 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-02-12 | N/A | 9.1 CRITICAL |
| A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. | |||||
| CVE-2023-28126 | 1 Ivanti | 1 Avalanche | 2025-01-29 | N/A | 5.9 MEDIUM |
| An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message. | |||||
| CVE-2023-28125 | 1 Ivanti | 1 Avalanche | 2025-01-29 | N/A | 5.9 MEDIUM |
| An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass. | |||||
| CVE-2023-28128 | 1 Ivanti | 1 Avalanche | 2025-01-28 | N/A | 7.2 HIGH |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. | |||||
| CVE-2023-28127 | 1 Ivanti | 1 Avalanche | 2025-01-28 | N/A | 7.5 HIGH |
| A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure. | |||||
| CVE-2023-46805 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-01-27 | N/A | 8.2 HIGH |
| An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. | |||||