Vulnerabilities > Ivanti > High

DATE CVE VULNERABILITY TITLE RISK
2024-11-13 CVE-2024-37398 Unspecified vulnerability in Ivanti Secure Access Client
Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
local
low complexity
ivanti
7.8
7.8
2024-11-12 CVE-2024-11007 OS Command Injection vulnerability in Ivanti Connect Secure 22.7/7.1/7.4
Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-78
7.2
7.2
2024-11-12 CVE-2024-47907 Out-of-bounds Write vulnerability in Ivanti Connect Secure
A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.
network
low complexity
ivanti CWE-787
7.5
7.5
2024-11-12 CVE-2024-50317 NULL Pointer Dereference vulnerability in Ivanti Avalanche
A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
network
low complexity
ivanti CWE-476
7.5
7.5
2024-11-12 CVE-2024-50318 NULL Pointer Dereference vulnerability in Ivanti Avalanche
A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
network
low complexity
ivanti CWE-476
7.5
7.5
2024-11-12 CVE-2024-50319 Infinite Loop vulnerability in Ivanti Avalanche
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
network
low complexity
ivanti CWE-835
7.5
7.5
2024-11-12 CVE-2024-50320 Infinite Loop vulnerability in Ivanti Avalanche
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
network
low complexity
ivanti CWE-835
7.5
7.5
2024-11-12 CVE-2024-50321 Infinite Loop vulnerability in Ivanti Avalanche
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
network
low complexity
ivanti CWE-835
7.5
7.5
2024-11-12 CVE-2024-50322 Path Traversal vulnerability in Ivanti Endpoint Manager
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution.
local
low complexity
ivanti CWE-22
7.8
7.8
2024-11-12 CVE-2024-50323 SQL Injection vulnerability in Ivanti Endpoint Manager
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution.
local
low complexity
ivanti CWE-89
7.8
7.8