Vulnerabilities > Ivanti > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-29 | CVE-2022-36977 | Unspecified vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. | 9.8 |
| 2023-03-29 | CVE-2022-36978 | Unspecified vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. | 9.8 |
| 2023-03-29 | CVE-2022-36979 | Unspecified vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. | 9.8 |
| 2023-03-29 | CVE-2022-36981 | Unspecified vulnerability in Ivanti Avalanche 6.3.3.101 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101. | 9.8 |
| 2023-03-29 | CVE-2022-36983 | Unspecified vulnerability in Ivanti Avalanche 6.3.3.101 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. | 9.8 |
| 2022-12-05 | CVE-2022-27773 | Unspecified vulnerability in Ivanti Endpoint Manager A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges. | 9.8 |
| 2021-12-08 | CVE-2021-44529 | Code Injection vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6 A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). | 9.8 |
| 2021-12-07 | CVE-2021-42127 | Deserialization of Untrusted Data vulnerability in Ivanti Avalanche A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service. | 9.8 |
| 2021-12-07 | CVE-2021-42128 | Unspecified vulnerability in Ivanti Avalanche An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service. | 9.8 |
| 2021-04-23 | CVE-2021-22893 | Use After Free vulnerability in Ivanti Connect Secure 9.0/9.1 Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. | 10.0 |