Vulnerabilities > Ivanti > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-08 | CVE-2021-44529 | Code Injection vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6 A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). | 9.8 |
| 2021-12-07 | CVE-2021-42127 | Deserialization of Untrusted Data vulnerability in Ivanti Avalanche A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service. | 9.8 |
| 2021-12-07 | CVE-2021-42128 | Unspecified vulnerability in Ivanti Avalanche An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service. | 9.8 |
| 2021-04-23 | CVE-2021-22893 | Use After Free vulnerability in Ivanti Connect Secure 9.0/9.1 Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. | 10.0 |
| 2020-11-12 | CVE-2020-13774 | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Endpoint Manager 2019.1/2020.1 An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. | 9.9 |
| 2020-08-06 | CVE-2020-13793 | Use of Hard-coded Credentials vulnerability in Ivanti DSM Netinst 5.1 Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key. | 9.8 |
| 2020-08-06 | CVE-2020-12441 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ivanti products Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the ‘HEATRemoteService’ agent. | 9.8 |
| 2020-04-28 | CVE-2020-12442 | SQL Injection vulnerability in Ivanti Avalanche 6.3 Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250. | 9.8 |
| 2020-03-19 | CVE-2019-16382 | Unspecified vulnerability in Ivanti Workspace Control 10.3.110.0 An issue was discovered in Ivanti Workspace Control 10.3.110.0. | 9.8 |
| 2019-07-11 | CVE-2019-10651 | Unspecified vulnerability in Ivanti Endpoint Manager 2017.3/2018.1/2018.3 An issue was discovered in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x before 2018.3 SU3, with remote code execution. | 9.8 |