Vulnerabilities > Ivanti

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-05-08 | CVE-2019-11507 | Cross-site Scripting vulnerability in Ivanti Connect Secure 8.3/9.0 | In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page. | network | low complexity | ivanti | CWE-79 | 6.1 |
| 2019-04-26 | CVE-2019-11543 | Cross-site Scripting vulnerability in multiple products | XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1. | network | low complexity | pulsesecure, ivanti | CWE-79 | 6.1 |
| 2019-04-26 | CVE-2019-11542 | Out-of-bounds Write vulnerability in multiple products | In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow. | network | low complexity | pulsesecure, ivanti | CWE-787 | 7.2 |
| 2019-04-26 | CVE-2019-11541 | | In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks. | network | low complexity | pulsesecure, ivanti | | 7.5 |
| 2019-04-26 | CVE-2019-11540 | | In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack. | network | low complexity | pulsesecure, ivanti | | critical 9.8 |
| 2019-04-26 | CVE-2019-11539 | OS Command Injection vulnerability in multiple products | In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. | network | low complexity | pulsesecure, ivanti | CWE-78 | 7.2 |
| 2019-04-26 | CVE-2019-11538 | Link Following vulnerability in Ivanti Connect Secure | In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device. | network | low complexity | ivanti | CWE-59 | 7.7 |
| 2019-04-12 | CVE-2019-11213 | Session Fixation vulnerability in multiple products | In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related issue to CVE-2019-1573. | network | high complexity | pulsesecure, ivanti | CWE-384 | 8.1 |
| 2019-04-05 | CVE-2019-10885 | Permissions, Privileges, and Access Controls vulnerability in Ivanti Workspace Control | An issue was discovered in Ivanti Workspace Control before 10.3.90.0. | local | low complexity | ivanti | CWE-264 | 7.8 |
| 2018-10-15 | CVE-2018-15593 | Unspecified vulnerability in Ivanti Workspace Control | An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. | local | low complexity | ivanti | | 7.8 |