Vulnerabilities > Ivanti
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-08 | CVE-2025-0283 | Out-of-bounds Write vulnerability in Ivanti Connect Secure 7.1/7.4 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges. | 7.0 |
| 2024-12-11 | CVE-2024-10251 | Incorrect Default Permissions vulnerability in Ivanti Security Controls Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation. | 7.8 |
| 2024-12-11 | CVE-2024-11597 | Incorrect Default Permissions vulnerability in Ivanti Performance Manager 2023.3/2024.1/2024.3 Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege escalation. | 7.8 |
| 2024-12-11 | CVE-2024-11598 | Incorrect Default Permissions vulnerability in Ivanti Application Control 2023.3/2024.1/2024.3 Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege escalation. | 7.8 |
| 2024-12-11 | CVE-2024-8496 | Incorrect Default Permissions vulnerability in Ivanti Workspace Control Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation. | 7.8 |
| 2024-12-11 | CVE-2024-9845 | Incorrect Default Permissions vulnerability in Ivanti Automation Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation. | 7.8 |
| 2024-12-10 | CVE-2024-11633 | Argument Injection or Modification vulnerability in Ivanti Connect Secure Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution | 7.2 |
| 2024-12-10 | CVE-2024-11634 | Command Injection vulnerability in Ivanti Connect Secure 22.7/7.1/7.4 Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-12-10 | CVE-2024-11639 | Missing Authentication for Critical Function vulnerability in Ivanti Cloud Services Appliance 4.5/4.6/5.0 An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access | 9.8 |
| 2024-12-10 | CVE-2024-11772 | Command Injection vulnerability in Ivanti Cloud Services Appliance 4.5/4.6/5.0 Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |