Filtered by vendor Ivanti
Subscribe
Total
90 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32560 | 1 Ivanti | 1 Avalanche | 2023-09-18 | N/A | 9.8 CRITICAL |
| An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1. | |||||
| CVE-2023-38035 | 1 Ivanti | 1 Mobileiron Sentry | 2023-09-13 | N/A | 9.8 CRITICAL |
| A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. | |||||
| CVE-2023-32563 | 1 Ivanti | 1 Avalanche | 2023-08-28 | N/A | 9.8 CRITICAL |
| An unauthenticated attacker could achieve the code execution through a RemoteControl server. | |||||
| CVE-2023-35082 | 1 Ivanti | 1 Endpoint Manager Mobile | 2023-08-22 | N/A | 9.8 CRITICAL |
| An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier. | |||||
| CVE-2023-32561 | 1 Ivanti | 1 Avalanche | 2023-08-16 | N/A | 7.5 HIGH |
| A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1. | |||||
| CVE-2023-28129 | 1 Ivanti | 1 Desktop \& Server Management | 2023-08-15 | N/A | 7.8 HIGH |
| Desktop & Server Management (DSM) may have a possible execution of arbitrary commands. | |||||
| CVE-2023-32567 | 1 Ivanti | 1 Avalanche | 2023-08-15 | N/A | 9.8 CRITICAL |
| Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1. | |||||
| CVE-2023-32566 | 1 Ivanti | 1 Avalanche | 2023-08-15 | N/A | 9.1 CRITICAL |
| An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1. | |||||
| CVE-2023-32564 | 1 Ivanti | 1 Avalanche | 2023-08-15 | N/A | 9.8 CRITICAL |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. | |||||
| CVE-2023-32562 | 1 Ivanti | 1 Avalanche | 2023-08-15 | N/A | 9.8 CRITICAL |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1. | |||||
| CVE-2023-32565 | 1 Ivanti | 1 Avalanche | 2023-08-15 | N/A | 9.1 CRITICAL |
| An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1. | |||||
| CVE-2023-35081 | 1 Ivanti | 1 Endpoint Manager Mobile | 2023-08-08 | N/A | 7.2 HIGH |
| A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance. | |||||
| CVE-2022-22572 | 1 Ivanti | 1 Incapptic Connect | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. The vulnerability affects Incapptic Connect version < 1.40.1. | |||||
| CVE-2022-27773 | 1 Ivanti | 1 Endpoint Manager | 2023-08-08 | N/A | 9.8 CRITICAL |
| A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges. | |||||
| CVE-2023-35078 | 1 Ivanti | 1 Endpoint Manager Mobile | 2023-08-04 | N/A | 9.8 CRITICAL |
| Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available. | |||||
| CVE-2023-35077 | 2 Ivanti, Microsoft | 2 Endpoint Manager, Windows | 2023-07-31 | N/A | 7.5 HIGH |
| An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or above. | |||||
| CVE-2023-28324 | 1 Ivanti | 1 Endpoint Manager | 2023-07-10 | N/A | 9.8 CRITICAL |
| A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. | |||||
| CVE-2023-28323 | 1 Ivanti | 1 Endpoint Manager | 2023-07-10 | N/A | 9.8 CRITICAL |
| A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a stepping stone to get to other network attached machines. | |||||
| CVE-2023-28128 | 1 Ivanti | 1 Avalanche | 2023-05-16 | N/A | 7.2 HIGH |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. | |||||
| CVE-2023-28125 | 1 Ivanti | 1 Avalanche | 2023-05-16 | N/A | 5.9 MEDIUM |
| An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass. | |||||