Vulnerabilities > Ivanti
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-18 | CVE-2023-35084 | Deserialization of Untrusted Data vulnerability in Ivanti Endpoint Manager Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely. | 9.8 |
2023-09-21 | CVE-2023-38343 | XXE vulnerability in Ivanti Endpoint Manager An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. | 7.5 |
2023-09-21 | CVE-2023-38344 | Unspecified vulnerability in Ivanti Endpoint Manager An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. | 6.5 |
2023-08-21 | CVE-2023-38035 | Incorrect Authorization vulnerability in Ivanti Mobileiron Sentry A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. | 9.8 |
2023-08-15 | CVE-2023-35082 | Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | 9.8 |
2023-08-10 | CVE-2023-28129 | Unspecified vulnerability in Ivanti Desktop & Server Management 2022.2 DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS commands as the DSM software installation user. | 7.8 |
2023-08-10 | CVE-2023-32560 | Out-of-bounds Write vulnerability in Ivanti Avalanche An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1. | 9.8 |
2023-08-10 | CVE-2023-32561 | Unspecified vulnerability in Ivanti Avalanche A previously generated artifact by an administrator could be accessed by an attacker. | 7.5 |
2023-08-10 | CVE-2023-32562 | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. | 9.8 |
2023-08-10 | CVE-2023-32563 | Path Traversal vulnerability in Ivanti Avalanche An unauthenticated attacker could achieve the code execution through a RemoteControl server. | 9.8 |