Vulnerabilities > Ivanti > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-03-29 CVE-2022-36983 Unspecified vulnerability in Ivanti Avalanche 6.3.3.101
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche.
network
low complexity
ivanti
critical
9.8
2022-12-05 CVE-2022-27773 Unspecified vulnerability in Ivanti Endpoint Manager
A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges.
network
low complexity
ivanti
critical
9.8
2021-12-08 CVE-2021-44529 Code Injection vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
network
low complexity
ivanti CWE-94
critical
9.8
2021-12-07 CVE-2021-42127 Deserialization of Untrusted Data vulnerability in Ivanti Avalanche
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service.
network
low complexity
ivanti CWE-502
critical
9.8
2021-12-07 CVE-2021-42128 Unspecified vulnerability in Ivanti Avalanche
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.
network
low complexity
ivanti
critical
9.8
2021-04-23 CVE-2021-22893 Use After Free vulnerability in Ivanti Connect Secure 9.0/9.1
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway.
network
low complexity
ivanti CWE-416
critical
10.0
2020-11-12 CVE-2020-13774 Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Endpoint Manager 2019.1/2020.1
An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file.
network
low complexity
ivanti CWE-434
critical
9.9
2020-08-06 CVE-2020-13793 Use of Hard-coded Credentials vulnerability in Ivanti DSM Netinst 5.1
Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key.
network
low complexity
ivanti CWE-798
critical
9.8
2020-08-06 CVE-2020-12441 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ivanti products
Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the ‘HEATRemoteService’ agent.
network
low complexity
ivanti CWE-119
critical
9.8
2020-04-28 CVE-2020-12442 SQL Injection vulnerability in Ivanti Avalanche 6.3
Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250.
network
low complexity
ivanti CWE-89
critical
9.8