Vulnerabilities > Ivanti

DATE CVE VULNERABILITY TITLE RISK
2021-08-16 CVE-2021-22938 Command Injection vulnerability in multiple products
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.
network
low complexity
pulsesecure ivanti CWE-77
7.2
2021-07-22 CVE-2021-3198 OS Command Injection vulnerability in Ivanti Mobileiron 10.7.0.19/11.0.0.0
By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core.
network
low complexity
ivanti CWE-78
7.2
2021-07-22 CVE-2021-3540 Argument Injection or Modification vulnerability in Ivanti Mobileiron 10.7.0.19/11.0.0.0
By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core.
network
low complexity
ivanti CWE-88
7.2
2021-05-27 CVE-2021-22894 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room.
network
low complexity
pulsesecure ivanti CWE-119
8.8
2021-05-27 CVE-2021-22899 Command Injection vulnerability in multiple products
A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature
network
low complexity
pulsesecure ivanti CWE-77
8.8
2021-05-27 CVE-2021-22900 Incorrect Resource Transfer Between Spheres vulnerability in multiple products
A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.
network
low complexity
pulsesecure ivanti CWE-669
7.2
2021-05-27 CVE-2021-22908 Classic Buffer Overflow vulnerability in multiple products
A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user.
network
low complexity
pulsesecure ivanti CWE-120
8.8
2021-04-23 CVE-2021-22893 Use After Free vulnerability in Ivanti Connect Secure 9.0/9.1
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway.
network
low complexity
ivanti CWE-416
critical
10.0
2020-11-16 CVE-2020-13773 Cross-site Scripting vulnerability in Ivanti Endpoint Manager
Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/query_browsecomp.aspx.
network
low complexity
ivanti CWE-79
5.4
2020-11-16 CVE-2020-13772 Unspecified vulnerability in Ivanti Endpoint Manager
In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required.
network
low complexity
ivanti
5.3