Vulnerabilities > Ivanti

DATE CVE VULNERABILITY TITLE RISK
2023-03-29 CVE-2022-36978 Unspecified vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490.
network
low complexity
ivanti
critical
9.8
2023-03-29 CVE-2022-36979 Unspecified vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490.
network
low complexity
ivanti
critical
9.8
2023-03-29 CVE-2022-36980 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490.
network
high complexity
ivanti CWE-367
8.1
2023-03-29 CVE-2022-36981 Unspecified vulnerability in Ivanti Avalanche 6.3.3.101
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101.
network
low complexity
ivanti
critical
9.8
2023-03-29 CVE-2022-36982 Unspecified vulnerability in Ivanti Avalanche 6.3.3.101
This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101.
network
low complexity
ivanti
7.5
2023-03-29 CVE-2022-36983 Unspecified vulnerability in Ivanti Avalanche 6.3.3.101
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche.
network
low complexity
ivanti
critical
9.8
2023-03-10 CVE-2022-44574 Improper Authentication vulnerability in Ivanti Avalanche
An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port.
network
low complexity
ivanti CWE-287
7.5
2022-12-05 CVE-2022-27773 Unspecified vulnerability in Ivanti Endpoint Manager
A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges.
network
low complexity
ivanti
critical
9.8
2022-12-05 CVE-2022-35254 Resource Exhaustion vulnerability in Ivanti Connect Secure and Policy Secure
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
network
low complexity
ivanti CWE-400
7.5
2022-12-05 CVE-2022-35258 Incorrect Calculation vulnerability in Ivanti Connect Secure and Policy Secure
An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1.
network
low complexity
ivanti CWE-682
7.5