Vulnerabilities > Ivanti
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-15 | CVE-2023-38043 | Unspecified vulnerability in Ivanti Secure Access Client A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system. | 7.8 |
| 2023-11-15 | CVE-2023-38543 | Unspecified vulnerability in Ivanti Secure Access Client A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine. | 7.8 |
| 2023-11-15 | CVE-2023-38544 | Unspecified vulnerability in Ivanti Secure Access Client 22.2/22.3 A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. | 5.5 |
| 2023-11-15 | CVE-2023-39335 | Unspecified vulnerability in Ivanti Endpoint Manager Mobile A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. | 9.8 |
| 2023-11-15 | CVE-2023-39337 | Unspecified vulnerability in Ivanti Endpoint Manager Mobile A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets. | 9.1 |
| 2023-11-15 | CVE-2023-41718 | Unspecified vulnerability in Ivanti Secure Access Client 22.2/22.3 When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file. | 7.8 |
| 2023-11-03 | CVE-2022-43554 | Missing Authentication for Critical Function vulnerability in Ivanti Avalanche Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability | 7.8 |
| 2023-11-03 | CVE-2022-43555 | Missing Authentication for Critical Function vulnerability in Ivanti Avalanche Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability | 7.8 |
| 2023-11-03 | CVE-2022-44569 | Improper Authentication vulnerability in Ivanti Automation A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication. | 7.8 |
| 2023-11-03 | CVE-2023-41725 | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability | 7.8 |