Vulnerabilities > Ivanti

DATE CVE VULNERABILITY TITLE RISK
2023-11-15 CVE-2023-39335 Unspecified vulnerability in Ivanti Endpoint Manager Mobile
A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process.
network
low complexity
ivanti
critical
9.8
2023-11-15 CVE-2023-39337 Unspecified vulnerability in Ivanti Endpoint Manager Mobile
A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets.
network
low complexity
ivanti
critical
9.1
2023-11-15 CVE-2023-41718 Unspecified vulnerability in Ivanti Secure Access Client 22.2/22.3
When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.
local
low complexity
ivanti
7.8
2023-11-03 CVE-2022-43554 Missing Authentication for Critical Function vulnerability in Ivanti Avalanche
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability
local
low complexity
ivanti CWE-306
7.8
2023-11-03 CVE-2022-43555 Missing Authentication for Critical Function vulnerability in Ivanti Avalanche
Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability
local
low complexity
ivanti CWE-306
7.8
2023-11-03 CVE-2022-44569 Improper Authentication vulnerability in Ivanti Automation
A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.
local
low complexity
ivanti CWE-287
7.8
2023-11-03 CVE-2023-41725 Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche
Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability
local
low complexity
ivanti CWE-434
7.8
2023-11-03 CVE-2023-41726 Incorrect Default Permissions vulnerability in Ivanti Avalanche
Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability
local
low complexity
ivanti CWE-276
7.8
2023-10-25 CVE-2023-38041 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ivanti Secure Access Client 22.2/22.3/22.5
A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition.
local
high complexity
ivanti CWE-367
7.0
2023-10-18 CVE-2023-35083 Unspecified vulnerability in Ivanti Endpoint Manager
Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information.
network
low complexity
ivanti
6.5