Vulnerabilities > Ivanti > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-14 | CVE-2024-13179 | Path Traversal vulnerability in Ivanti Avalanche Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. | 9.8 |
| 2025-01-14 | CVE-2024-13181 | Path Traversal vulnerability in Ivanti Avalanche Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. | 9.8 |
| 2025-01-08 | CVE-2025-0282 | Out-of-bounds Write vulnerability in Ivanti products A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. | 9.0 |
| 2024-12-10 | CVE-2024-11639 | Missing Authentication for Critical Function vulnerability in Ivanti Cloud Services Appliance 4.5/4.6/5.0 An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access | 9.8 |
| 2024-10-08 | CVE-2024-47009 | Path Traversal vulnerability in Ivanti Avalanche Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. | 9.8 |
| 2024-10-08 | CVE-2024-47010 | Path Traversal vulnerability in Ivanti Avalanche Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. | 9.8 |
| 2024-09-19 | CVE-2024-8963 | Path Traversal vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.6 Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. | 9.1 |
| 2024-09-12 | CVE-2024-29847 | Deserialization of Untrusted Data vulnerability in Ivanti Endpoint Manager Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | 9.8 |
| 2024-09-10 | CVE-2024-8191 | SQL Injection vulnerability in Ivanti Endpoint Manager SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | 9.8 |
| 2024-08-14 | CVE-2024-38652 | Path Traversal vulnerability in Ivanti Avalanche Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion. | 9.1 |