Vulnerabilities > Ivanti
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-13 | CVE-2024-7570 | Improper Certificate Validation vulnerability in Ivanti Neurons for Itsm 2023.2/2023.3/2023.4 Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user. | 8.1 |
| 2024-08-13 | CVE-2024-7593 | Improper Authentication vulnerability in Ivanti Virtual Traffic Management Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. | 9.8 |
| 2024-08-07 | CVE-2024-34788 | Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a remote malicious user to access potentially sensitive information | 6.5 |
| 2024-08-07 | CVE-2024-36130 | Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance. | 9.8 |
| 2024-08-07 | CVE-2024-36131 | Deserialization of Untrusted Data vulnerability in Ivanti Endpoint Manager Mobile An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance. | 8.8 |
| 2024-08-07 | CVE-2024-36132 | Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources. | 7.5 |
| 2024-08-07 | CVE-2024-37403 | Path Traversal vulnerability in Ivanti Docs@Work Ivanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability. | 5.5 |
| 2024-05-31 | CVE-2024-29822 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | 8.8 |
| 2024-05-31 | CVE-2024-29823 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | 8.8 |
| 2024-05-31 | CVE-2024-29824 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | 8.8 |