Vulnerabilities > Ivanti
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-29 | CVE-2022-36978 | Unspecified vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. | 9.8 |
2023-03-29 | CVE-2022-36979 | Unspecified vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. | 9.8 |
2023-03-29 | CVE-2022-36980 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. | 8.1 |
2023-03-29 | CVE-2022-36981 | Unspecified vulnerability in Ivanti Avalanche 6.3.3.101 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101. | 9.8 |
2023-03-29 | CVE-2022-36982 | Unspecified vulnerability in Ivanti Avalanche 6.3.3.101 This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. | 7.5 |
2023-03-29 | CVE-2022-36983 | Unspecified vulnerability in Ivanti Avalanche 6.3.3.101 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. | 9.8 |
2023-03-10 | CVE-2022-44574 | Improper Authentication vulnerability in Ivanti Avalanche An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port. | 7.5 |
2022-12-05 | CVE-2022-27773 | Unspecified vulnerability in Ivanti Endpoint Manager A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges. | 9.8 |
2022-12-05 | CVE-2022-35254 | Resource Exhaustion vulnerability in Ivanti Connect Secure and Policy Secure An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. | 7.5 |
2022-12-05 | CVE-2022-35258 | Incorrect Calculation vulnerability in Ivanti Connect Secure and Policy Secure An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. | 7.5 |