Vulnerabilities > Ivanti
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-10 | CVE-2023-28129 | Unspecified vulnerability in Ivanti Desktop & Server Management 2022.2 DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS commands as the DSM software installation user. | 7.8 |
| 2023-08-10 | CVE-2023-32560 | Out-of-bounds Write vulnerability in Ivanti Avalanche An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1. | 9.8 |
| 2023-08-10 | CVE-2023-32561 | Unspecified vulnerability in Ivanti Avalanche A previously generated artifact by an administrator could be accessed by an attacker. | 7.5 |
| 2023-08-10 | CVE-2023-32562 | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. | 9.8 |
| 2023-08-10 | CVE-2023-32563 | Path Traversal vulnerability in Ivanti Avalanche An unauthenticated attacker could achieve the code execution through a RemoteControl server. | 9.8 |
| 2023-08-10 | CVE-2023-32564 | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. | 9.8 |
| 2023-08-10 | CVE-2023-32565 | Unspecified vulnerability in Ivanti Avalanche An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. | 9.1 |
| 2023-08-10 | CVE-2023-32566 | Unspecified vulnerability in Ivanti Avalanche An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. | 9.1 |
| 2023-08-10 | CVE-2023-32567 | XXE vulnerability in Ivanti Avalanche Ivanti Avalanche decodeToMap XML External Entity Processing. | 9.8 |
| 2023-08-03 | CVE-2023-35081 | Path Traversal vulnerability in Ivanti Endpoint Manager Mobile A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance. | 7.2 |