Vulnerabilities > Ivanti
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-10 | CVE-2024-11634 | Command Injection vulnerability in Ivanti Connect Secure 22.7/7.1/7.4 Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-12-10 | CVE-2024-11639 | Missing Authentication for Critical Function vulnerability in Ivanti Cloud Services Appliance 4.5/4.6/5.0 An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access | 9.8 |
| 2024-12-10 | CVE-2024-11772 | Command Injection vulnerability in Ivanti Cloud Services Appliance 4.5/4.6/5.0 Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-12-10 | CVE-2024-11773 | SQL Injection vulnerability in Ivanti Cloud Services Appliance 4.5/4.6/5.0 SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. | 7.2 |
| 2024-12-10 | CVE-2024-9844 | Unspecified vulnerability in Ivanti Connect Secure Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions. | 8.8 |
| 2024-11-13 | CVE-2024-29211 | Race Condition vulnerability in Ivanti Secure Access Client A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files. | 4.7 |
| 2024-11-13 | CVE-2024-37398 | Unspecified vulnerability in Ivanti Secure Access Client Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | 7.8 |
| 2024-11-12 | CVE-2024-11004 | Cross-site Scripting vulnerability in Ivanti Connect Secure 22.7/7.1/7.4 Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. | 6.1 |
| 2024-11-12 | CVE-2024-11005 | OS Command Injection vulnerability in Ivanti Connect Secure and Policy Secure Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-11-12 | CVE-2024-11006 | OS Command Injection vulnerability in Ivanti Connect Secure and Policy Secure Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |