Vulnerabilities > Ivanti
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-21 | CVE-2023-38343 | XXE vulnerability in Ivanti Endpoint Manager An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. | 7.5 |
| 2023-09-21 | CVE-2023-38344 | Unspecified vulnerability in Ivanti Endpoint Manager An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. | 6.5 |
| 2023-08-21 | CVE-2023-38035 | Incorrect Authorization vulnerability in Ivanti Mobileiron Sentry A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. | 9.8 |
| 2023-08-15 | CVE-2023-35082 | Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | 9.8 |
| 2023-08-10 | CVE-2023-28129 | Unspecified vulnerability in Ivanti Desktop & Server Management 2022.2 Desktop & Server Management (DSM) may have a possible execution of arbitrary commands. | 7.8 |
| 2023-08-10 | CVE-2023-32560 | Out-of-bounds Write vulnerability in Ivanti Avalanche An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1. | 9.8 |
| 2023-08-10 | CVE-2023-32561 | Unspecified vulnerability in Ivanti Avalanche A previously generated artifact by an administrator could be accessed by an attacker. | 7.5 |
| 2023-08-10 | CVE-2023-32562 | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. | 9.8 |
| 2023-08-10 | CVE-2023-32563 | Path Traversal vulnerability in Ivanti Avalanche An unauthenticated attacker could achieve the code execution through a RemoteControl server. | 9.8 |
| 2023-08-10 | CVE-2023-32564 | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. | 9.8 |