Filtered by vendor Ivanti
Subscribe
Total
205 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-13771 | 1 Ivanti | 1 Endpoint Manager | 2023-12-10 | 6.9 MEDIUM | 7.8 HIGH |
Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (and elevation of privileges to the level of privilege held by the vulnerable component such as NT AUTHORITY\SYSTEM) via DLL hijacking. This affects ldiscn32.exe, IpmiRedirectionService.exe, LDAPWhoAmI.exe, and ldprofile.exe. | |||||
CVE-2020-13772 | 1 Ivanti | 1 Endpoint Manager | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required. | |||||
CVE-2019-16382 | 1 Ivanti | 1 Workspace Control | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid XML file can then be created, after which the folder is renamed back to its original value. Also, CVE-2018-15591 exploitation can consequently be achieved by using PowerGrid with the /SEE parameter to execute the arbitrary command specified in the XML file. | |||||
CVE-2020-12442 | 1 Ivanti | 1 Avalanche | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250. | |||||
CVE-2019-17066 | 1 Ivanti | 1 Workspace Control | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry hives (HKCU) when starting an application with elevated rights. | |||||
CVE-2020-12441 | 1 Ivanti | 2 Desktop\&server Management, Service Manager Heat Remote Control | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the ‘HEATRemoteService’ agent. The DoS can be triggered by sending a specially crafted network packet. | |||||
CVE-2020-13793 | 1 Ivanti | 1 Dsm Netinst | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key. | |||||
CVE-2020-11533 | 1 Ivanti | 1 Workspace Control | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material). | |||||
CVE-2019-19675 | 1 Ivanti | 1 Workspace Control | 2023-12-10 | 4.4 MEDIUM | 7.8 HIGH |
In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked. | |||||
CVE-2019-12375 | 1 Ivanti | 1 Landesk Management Suite | 2023-12-10 | 4.1 MEDIUM | 6.3 MEDIUM |
Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution. | |||||
CVE-2019-12373 | 1 Ivanti | 1 Landesk Management Suite | 2023-12-10 | 2.7 LOW | 9.0 CRITICAL |
Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords. | |||||
CVE-2019-12377 | 1 Ivanti | 1 Landesk Management Suite | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution. | |||||
CVE-2019-10885 | 1 Ivanti | 1 Workspace Control | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context. | |||||
CVE-2019-12374 | 1 Ivanti | 1 Landesk Management Suite | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll. | |||||
CVE-2019-10651 | 1 Ivanti | 1 Endpoint Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x before 2018.3 SU3, with remote code execution. In other words, the issue affects 2017.3, 2018.1, and 2018.3 installations that lack the April 2019 update. | |||||
CVE-2019-12376 | 1 Ivanti | 1 Landesk Management Suite | 2023-12-10 | 2.7 LOW | 4.5 MEDIUM |
Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges. | |||||
CVE-2018-15591 | 1 Ivanti | 1 Workspace Control | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple unspecified attack vectors. | |||||
CVE-2018-15590 | 1 Ivanti | 1 Workspace Control | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured. A local authenticated user can bypass file and folder security restriction by leveraging an unspecified attack vector. | |||||
CVE-2018-15592 | 1 Ivanti | 1 Workspace Control | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated privileges via an unspecified attack vector. | |||||
CVE-2018-15593 | 1 Ivanti | 1 Workspace Control | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector. |