Vulnerabilities > Ivanti
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-10-15 | CVE-2018-15590 | Unspecified vulnerability in Ivanti Workspace Control An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured. | 5.5 |
2018-09-06 | CVE-2018-6320 | Improper Input Validation vulnerability in multiple products A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation. | 9.8 |
2018-09-06 | CVE-2018-14366 | Open Redirect vulnerability in multiple products download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability. | 6.1 |
2018-06-29 | CVE-2018-8902 | Improper Authentication vulnerability in Ivanti Avalanche An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. | 6.5 |
2018-06-29 | CVE-2018-8901 | Unspecified vulnerability in Ivanti Avalanche An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. | 7.8 |
2018-02-15 | CVE-2018-6316 | Incorrect Authorization vulnerability in Ivanti Endpoint Security 8.5 Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass application whitelisting when using the Application Control module on Ivanti Endpoint Security in lockdown mode. | 7.5 |
2017-12-11 | CVE-2017-11463 | Permission Issues vulnerability in Ivanti Endpoint Manager 2016.4/2017.1/2017.3 In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. | 8.8 |
2017-08-29 | CVE-2017-11455 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens. | 8.8 |
2017-01-23 | CVE-2016-3147 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ivanti Landesk Management Suite 10.0.0.271/9.60.0.244 Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large packet. | 9.8 |
2016-05-26 | CVE-2016-4792 | Unspecified vulnerability in Ivanti Connect Secure 8.2 Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors. | 5.3 |