Vulnerabilities > Ivanti

DATE CVE VULNERABILITY TITLE RISK
2023-03-29 CVE-2022-36973 SQL Injection vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490.
network
low complexity
ivanti CWE-89
8.8
8.8
2023-03-29 CVE-2022-36974 Deserialization of Untrusted Data vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490.
network
low complexity
ivanti CWE-502
critical
 9.8
9.8
2023-03-29 CVE-2022-36975 SQL Injection vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490.
network
low complexity
ivanti CWE-89
critical
 9.8
9.8
2023-03-29 CVE-2022-36976 SQL Injection vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490.
network
low complexity
ivanti CWE-89
critical
 9.8
9.8
2023-03-29 CVE-2022-36977 Deserialization of Untrusted Data vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490.
network
low complexity
ivanti CWE-502
critical
 9.8
9.8
2023-03-29 CVE-2022-36978 Deserialization of Untrusted Data vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490.
network
low complexity
ivanti CWE-502
critical
 9.8
9.8
2023-03-29 CVE-2022-36979 SQL Injection vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490.
network
low complexity
ivanti CWE-89
critical
 9.8
9.8
2023-03-29 CVE-2022-36980 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490.
network
high complexity
ivanti CWE-367
8.1
8.1
2023-03-29 CVE-2022-36981 Path Traversal vulnerability in Ivanti Avalanche 6.3.3.101
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101.
network
low complexity
ivanti CWE-22
critical
 9.8
9.8
2023-03-29 CVE-2022-36982 Path Traversal vulnerability in Ivanti Avalanche 6.3.3.101
This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101.
network
low complexity
ivanti CWE-22
7.5
7.5