Latest Ivanti Vulnerabilities

A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to c...
Ivanti Connect Secure=9.1-r1
Ivanti Connect Secure=9.1-r10
Ivanti Connect Secure=9.1-r11
Ivanti Connect Secure=9.1-r11.5
Ivanti Connect Secure=9.1-r12
Ivanti Connect Secure=9.1-r13
and 54 more
An XML entity expansion or XEE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests i...
Ivanti Connect Secure=9.1-r1
Ivanti Connect Secure=9.1-r10
Ivanti Connect Secure=9.1-r11
Ivanti Connect Secure=9.1-r11.5
Ivanti Connect Secure=9.1-r12
Ivanti Connect Secure=9.1-r13
and 54 more
A null pointer dereference vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in...
Ivanti Connect Secure=9.1-r1
Ivanti Connect Secure=9.1-r10
Ivanti Connect Secure=9.1-r11
Ivanti Connect Secure=9.1-r11.5
Ivanti Connect Secure=9.1-r12
Ivanti Connect Secure=9.1-r13
and 54 more
A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in order to c...
Ivanti Connect Secure=9.1-r1
Ivanti Connect Secure=9.1-r10
Ivanti Connect Secure=9.1-r11
Ivanti Connect Secure=9.1-r11.5
Ivanti Connect Secure=9.1-r12
Ivanti Connect Secure=9.1-r13
and 54 more
A file upload vulnerability in Ivanti ITSM before 2023.4 allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the co...
Ivanti Neurons for ITSM<2023.4
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows an unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same...
Ivanti Standalone Sentry<9.19.0
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways allows an attacker to access certain res...
Ivanti Connect Secure=9.1-r14.4
Ivanti Connect Secure=9.1-r17.2
Ivanti Connect Secure=9.1-r18.3
Ivanti Connect Secure=22.4-r2.2
Ivanti Connect Secure=22.5-r1.1
Ivanti Connect Secure=22.5-r2.2
and 2 more
A privilege escalation vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.
Ivanti Connect Secure=9.0
Ivanti Connect Secure=9.0-r1
Ivanti Connect Secure=9.0-r2
Ivanti Connect Secure=9.0-r2.1
Ivanti Connect Secure=9.0-r3
Ivanti Connect Secure=9.0-r3.1
and 102 more
Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability
Ivanti Connect Secure, Policy Secure, and Neurons
Ivanti Connect Secure=9.0
Ivanti Connect Secure=9.0-r1
Ivanti Connect Secure=9.0-r2
Ivanti Connect Secure=9.0-r2.1
Ivanti Connect Secure=9.0-r3
and 104 more
Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component.
Ivanti Avalanche=6.3.4.153
Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability
Ivanti Connect Secure=9.0
Ivanti Connect Secure=9.1-r1
Ivanti Connect Secure=9.1-r10
Ivanti Connect Secure=9.1-r11
Ivanti Connect Secure=9.1-r11.3
Ivanti Connect Secure=9.1-r11.4
and 78 more
Ivanti Connect Secure and Policy Secure Command Injection Vulnerability
Ivanti Connect Secure=9.0
Ivanti Connect Secure=9.1-r1
Ivanti Connect Secure=9.1-r10
Ivanti Connect Secure=9.1-r11
Ivanti Connect Secure=9.1-r11.3
Ivanti Connect Secure=9.1-r11.4
and 78 more
An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve ...
Ivanti Endpoint Management=2022 Service Update 5
Ivanti Endpoint Manager Mobile
Ivanti Sentry
Ivanti Avalanche
Perforce Helix Core Server
Apache Struts
and 8 more
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.
Ivanti Avalanche<6.4.2
Microsoft Windows
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.
Ivanti Avalanche<6.4.2
Microsoft Windows
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.
Ivanti Avalanche<6.4.2
Microsoft Windows
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve remote code execution.
Ivanti Avalanche<6.4.2
Microsoft Windows
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
Ivanti Avalanche<6.4.2
An unauthenticated attacker could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.
Ivanti Avalanche<=6.4.1
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.
Ivanti Avalanche<6.4.2
Microsoft Windows
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.
Ivanti Avalanche<6.4.2
Microsoft Windows
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS).
Ivanti Avalanche<6.4.2
Microsoft Windows
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.
Ivanti Avalanche<6.4.2
Microsoft Windows
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve remote code execution.
Ivanti Avalanche<6.4.2
Microsoft Windows
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.
Ivanti Avalanche<6.4.2
Microsoft Windows
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.
Ivanti Avalanche<6.4.2
Microsoft Windows
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.
Ivanti Avalanche<6.4.2
Microsoft Windows
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS).
Ivanti Avalanche<6.4.2
Microsoft Windows
An unauthenticated attacker could abuse an XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
Ivanti Avalanche<=6.4.1
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.
Ivanti Avalanche<6.4.2
Microsoft Windows
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.
Ivanti Avalanche<6.4.2
Microsoft Windows
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.
Ivanti Avalanche<6.4.2
Microsoft Windows
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.
Ivanti Avalanche<6.4.2
Microsoft Windows
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.
Ivanti Avalanche<6.4.2
Microsoft Windows
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
Ivanti Avalanche<=6.4.1
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance.
Ivanti Connect Secure=22.1-r1
Ivanti Connect Secure=22.1-r6
Ivanti Connect Secure=22.2
Ivanti Connect Secure=22.2-r1
Ivanti Connect Secure=22.3-r1
Ivanti Connect Secure=22.4-r1
and 54 more
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a...
Ivanti Connect Secure=22.1-r1
Ivanti Connect Secure=22.1-r6
Ivanti Connect Secure=22.2
Ivanti Connect Secure=22.2-r1
Ivanti Connect Secure=22.3-r1
Ivanti Connect Secure=22.4-r1
and 6 more
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.
Ivanti Connect Secure=21.9-r1
Ivanti Connect Secure=21.12-r1
Ivanti Connect Secure=22.1-r1
Ivanti Connect Secure=22.1-r6
Ivanti Connect Secure=22.2-r1
Ivanti Connect Secure=22.3-r1
and 47 more
When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.
Ivanti Secure Access Client=22.2-r1
Ivanti Secure Access Client=22.3-r1
Ivanti Secure Access Client=22.3-r2
Ivanti Secure Access Client=22.3-r3
Microsoft Windows
A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment proc...
Ivanti Endpoint Manager Mobile<11.9.0
Ivanti Endpoint Manager Mobile>=11.10.0<11.10.0.4
Ivanti Endpoint Manager Mobile>=11.11.0<11.11.0.2
A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 and older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device...
Ivanti Endpoint Manager Mobile<=11.9.0
Ivanti Endpoint Manager Mobile>=11.10.0<11.10.0.4
Ivanti Endpoint Manager Mobile>=11.11.0<11.11.0.2
A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security o...
Ivanti Secure Access Client=22.2-r1
Ivanti Secure Access Client=22.3-r1
Ivanti Secure Access Client=22.3-r2
Ivanti Secure Access Client=22.3-r3
Linux Linux kernel
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading ...
Ivanti Secure Access Client<22.6
Ivanti Secure Access Client=22.6-r1
Microsoft Windows
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading ...
Ivanti Secure Access Client<22.6
Ivanti Secure Access Client=22.6-r1
Microsoft Windows
A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various...
Ivanti Secure Access Client<22.6
Ivanti Secure Access Client=22.6-r1
Microsoft Windows
A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.
Ivanti Automation<2023.4
Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability
Ivanti Avalanche<6.4.1.236
Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability
Ivanti Avalanche<6.4.1.236
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability
Ivanti Avalanche<6.4.1.236
Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability
Ivanti Avalanche<6.4.1.236
