Vulnerabilities > Ivanti > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-12-19 CVE-2023-46259 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption, which could result in a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
9.8
2023-12-19 CVE-2023-46260 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption, which could result in a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
9.8
2023-12-19 CVE-2023-46261 Out-of-bounds Write vulnerability in Ivanti Avalanche
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption, which could result in a Denial of Service (DoS) or code execution.
network
low complexity
ivanti CWE-787
critical
9.8
2023-12-19 CVE-2023-46263 Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve remote code execution.
network
low complexity
ivanti CWE-434
critical
9.8
2023-12-19 CVE-2023-46264 Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve remote code execution.
network
low complexity
ivanti CWE-434
critical
9.8
2023-12-19 CVE-2023-46265 XXE vulnerability in Ivanti Avalanche
An unauthenticated attacker could abuse an XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF).
network
low complexity
ivanti CWE-611
critical
9.8
2023-12-19 CVE-2023-46266 Unspecified vulnerability in Ivanti Avalanche
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
network
low complexity
ivanti
critical
9.1
2023-11-15 CVE-2023-39335 Unspecified vulnerability in Ivanti Endpoint Manager Mobile
A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process.
network
low complexity
ivanti
critical
9.8
2023-11-15 CVE-2023-39337 Unspecified vulnerability in Ivanti Endpoint Manager Mobile
A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 and older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets.
network
low complexity
ivanti
critical
9.1
2023-10-18 CVE-2023-35084 Deserialization of Untrusted Data vulnerability in Ivanti Endpoint Manager
Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely.
network
low complexity
ivanti CWE-502
critical
9.8