Vulnerabilities > Ivanti
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-12 | CVE-2024-34783 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-09-12 | CVE-2024-34785 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-09-10 | CVE-2024-44103 | Untrusted Search Path vulnerability in Ivanti Workspace Control DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | 7.8 |
| 2024-09-10 | CVE-2024-44104 | Authentication Bypass by Spoofing vulnerability in Ivanti Workspace Control An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | 7.8 |
| 2024-09-10 | CVE-2024-44105 | Cleartext Transmission of Sensitive Information vulnerability in Ivanti Workspace Control Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials. | 7.8 |
| 2024-09-10 | CVE-2024-44106 | Unspecified vulnerability in Ivanti Workspace Control Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | 7.8 |
| 2024-09-10 | CVE-2024-44107 | Uncontrolled Search Path Element vulnerability in Ivanti Workspace Control DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution. | 7.8 |
| 2024-09-10 | CVE-2024-8012 | Missing Authentication for Critical Function vulnerability in Ivanti Workspace Control An authentication bypass weakness in the message broker service of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | 7.8 |
| 2024-09-10 | CVE-2024-8190 | OS Command Injection vulnerability in Ivanti Cloud Services Appliance 4.6 An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. | 7.2 |
| 2024-09-10 | CVE-2024-8191 | SQL Injection vulnerability in Ivanti Endpoint Manager SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | 9.8 |