Vulnerabilities > Ivanti > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-12 | CVE-2020-13774 | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Endpoint Manager 2019.1/2020.1 An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. | 9.9 |
| 2020-08-06 | CVE-2020-13793 | Use of Hard-coded Credentials vulnerability in Ivanti DSM Netinst 5.1 Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key. | 9.8 |
| 2020-08-06 | CVE-2020-12441 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ivanti products Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the ‘HEATRemoteService’ agent. | 9.8 |
| 2020-04-28 | CVE-2020-12442 | SQL Injection vulnerability in Ivanti Avalanche 6.3 Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250. | 9.8 |
| 2020-03-19 | CVE-2019-16382 | Unspecified vulnerability in Ivanti Workspace Control 10.3.110.0 An issue was discovered in Ivanti Workspace Control 10.3.110.0. | 9.8 |
| 2019-07-11 | CVE-2019-10651 | Unspecified vulnerability in Ivanti Endpoint Manager 2017.3/2018.1/2018.3 An issue was discovered in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x before 2018.3 SU3, with remote code execution. | 9.8 |
| 2019-06-28 | CVE-2018-20813 | Improper Input Validation vulnerability in Ivanti Connect Secure 8.3 An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2. | 9.8 |
| 2019-06-28 | CVE-2018-20810 | Inadequate Encryption Strength vulnerability in multiple products Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. | 9.8 |
| 2019-06-03 | CVE-2019-12377 | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Landesk Management Suite 10.0.1.168 A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution. | 9.8 |
| 2019-06-03 | CVE-2019-12373 | Incorrect Permission Assignment for Critical Resource vulnerability in Ivanti Landesk Management Suite 10.0.1.168 Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords. | 9.0 |