Vulnerabilities > Ivanti
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-11 | CVE-2024-13813 | Incorrect Permission Assignment for Critical Resource vulnerability in Ivanti Secure Access Client Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files. | 7.1 |
| 2025-02-11 | CVE-2024-13830 | Cross-site Scripting vulnerability in Ivanti Connect Secure 22.7/7.1/7.4 Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. | 6.1 |
| 2025-02-11 | CVE-2024-13842 | Use of Hard-coded Cryptographic Key vulnerability in Ivanti Connect Secure 22.7/7.1/7.4 A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. | 4.4 |
| 2025-02-11 | CVE-2024-13843 | Cleartext Storage of Sensitive Information vulnerability in Ivanti Connect Secure 22.7/7.1/7.4 Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. | 4.4 |
| 2025-02-11 | CVE-2024-47908 | OS Command Injection vulnerability in Ivanti Cloud Services Appliance OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2025-02-11 | CVE-2025-22467 | Stack-based Buffer Overflow vulnerability in Ivanti Connect Secure A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution. | 8.8 |
| 2025-01-14 | CVE-2024-13159 | Unspecified vulnerability in Ivanti Endpoint Manager 2021.1.1/2022/2024 Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | 7.5 |
| 2025-01-14 | CVE-2024-13160 | Unspecified vulnerability in Ivanti Endpoint Manager 2021.1.1/2022/2024 Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | 7.5 |
| 2025-01-14 | CVE-2024-13161 | Unspecified vulnerability in Ivanti Endpoint Manager 2021.1.1/2022/2024 Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | 7.5 |
| 2025-01-14 | CVE-2024-13179 | Path Traversal vulnerability in Ivanti Avalanche Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. | 9.8 |