Vulnerabilities > Ivanti
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-13 | CVE-2024-34780 | Unspecified vulnerability in Ivanti Endpoint Manager SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-11-13 | CVE-2024-34781 | Unspecified vulnerability in Ivanti Endpoint Manager SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-11-13 | CVE-2024-34782 | Unspecified vulnerability in Ivanti Endpoint Manager SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-11-13 | CVE-2024-34784 | Unspecified vulnerability in Ivanti Endpoint Manager SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-11-13 | CVE-2024-34787 | Unspecified vulnerability in Ivanti Endpoint Manager Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. | 7.8 |
| 2024-11-13 | CVE-2024-37376 | Unspecified vulnerability in Ivanti Endpoint Manager SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-11-13 | CVE-2024-37398 | Unspecified vulnerability in Ivanti Secure Access Client Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | 7.8 |
| 2024-11-12 | CVE-2024-11004 | Cross-site Scripting vulnerability in Ivanti Connect Secure 22.7/7.1/7.4 Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. | 6.1 |
| 2024-11-12 | CVE-2024-11005 | OS Command Injection vulnerability in Ivanti Connect Secure and Policy Secure Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-11-12 | CVE-2024-11006 | OS Command Injection vulnerability in Ivanti Connect Secure and Policy Secure Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |