Vulnerabilities > Ivanti

DATE CVE VULNERABILITY TITLE RISK
2023-10-18 CVE-2023-35084 Deserialization of Untrusted Data vulnerability in Ivanti Endpoint Manager
Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely.
network
low complexity
ivanti CWE-502
critical
9.8
2023-09-21 CVE-2023-38343 XXE vulnerability in Ivanti Endpoint Manager
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4.
network
low complexity
ivanti CWE-611
7.5
2023-09-21 CVE-2023-38344 Unspecified vulnerability in Ivanti Endpoint Manager
An issue was discovered in Ivanti Endpoint Manager before 2022 SU4.
network
low complexity
ivanti
6.5
2023-08-21 CVE-2023-38035 Incorrect Authorization vulnerability in Ivanti Mobileiron Sentry
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
network
low complexity
ivanti CWE-863
critical
9.8
2023-08-15 CVE-2023-35082 Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
network
low complexity
ivanti CWE-287
critical
9.8
2023-08-10 CVE-2023-28129 Unspecified vulnerability in Ivanti Desktop & Server Management 2022.2
DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS commands as the DSM software installation user.
local
low complexity
ivanti
7.8
2023-08-10 CVE-2023-32560 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.
network
low complexity
ivanti CWE-787
critical
9.8
2023-08-10 CVE-2023-32561 Unspecified vulnerability in Ivanti Avalanche
A previously generated artifact by an administrator could be accessed by an attacker.
network
low complexity
ivanti
7.5
2023-08-10 CVE-2023-32562 Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.
network
low complexity
ivanti CWE-434
critical
9.8
2023-08-10 CVE-2023-32563 Path Traversal vulnerability in Ivanti Avalanche
An unauthenticated attacker could achieve the code execution through a RemoteControl server.
network
low complexity
ivanti CWE-22
critical
9.8