Filtered by vendor Ivanti
Subscribe
Total
205 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-42128 | 1 Ivanti | 1 Avalanche | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service. | |||||
CVE-2021-42125 | 1 Ivanti | 1 Avalanche | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files. | |||||
CVE-2021-42127 | 1 Ivanti | 1 Avalanche | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service. | |||||
CVE-2021-42133 | 1 Ivanti | 1 Avalanche | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write. | |||||
CVE-2022-21823 | 1 Ivanti | 1 Workspace Control | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector. | |||||
CVE-2021-42130 | 1 Ivanti | 1 Avalanche | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution. | |||||
CVE-2021-42126 | 1 Ivanti | 1 Avalanche | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. | |||||
CVE-2021-42132 | 1 Ivanti | 1 Avalanche | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. | |||||
CVE-2021-42124 | 1 Ivanti | 1 Avalanche | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover. | |||||
CVE-2021-38560 | 1 Ivanti | 1 Service Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx. | |||||
CVE-2021-42131 | 1 Ivanti | 1 Avalanche | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. | |||||
CVE-2021-42129 | 1 Ivanti | 1 Avalanche | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. | |||||
CVE-2019-19138 | 1 Ivanti | 1 Workspace Control | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity. | |||||
CVE-2021-3540 | 1 Ivanti | 1 Mobileiron | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0. | |||||
CVE-2021-36235 | 1 Ivanti | 1 Workspace Control | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges. | |||||
CVE-2021-3198 | 1 Ivanti | 1 Mobileiron | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0. | |||||
CVE-2020-13770 | 1 Ivanti | 1 Endpoint Manager | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can be used to escalate privileges from a local standard or service account having SeImpersonatePrivilege (eg. user ‘NT AUTHORITY\NETWORK SERVICE’). | |||||
CVE-2020-13773 | 1 Ivanti | 1 Endpoint Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/query_browsecomp.aspx. | |||||
CVE-2020-13774 | 1 Ivanti | 1 Endpoint Manager | 2023-12-10 | 9.0 HIGH | 9.9 CRITICAL |
An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations on the uploaded image, which upon failure will leave the temporarily created files in an accessible location on the server. | |||||
CVE-2020-13769 | 1 Ivanti | 1 Endpoint Manager | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request. |