Vulnerabilities > Ivanti > High

DATE CVE VULNERABILITY TITLE RISK
2025-02-11 CVE-2024-13813 Incorrect Permission Assignment for Critical Resource vulnerability in Ivanti Secure Access Client
Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.
local
low complexity
ivanti CWE-732
7.1
2025-02-11 CVE-2024-47908 OS Command Injection vulnerability in Ivanti Cloud Services Appliance
OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-78
7.2
2025-02-11 CVE-2025-22467 Stack-based Buffer Overflow vulnerability in Ivanti Connect Secure
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.
network
low complexity
ivanti CWE-121
8.8
2025-01-14 CVE-2024-13159 Unspecified vulnerability in Ivanti Endpoint Manager 2021.1.1/2022/2024
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
network
low complexity
ivanti
7.5
2025-01-14 CVE-2024-13160 Unspecified vulnerability in Ivanti Endpoint Manager 2021.1.1/2022/2024
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
network
low complexity
ivanti
7.5
2025-01-14 CVE-2024-13161 Unspecified vulnerability in Ivanti Endpoint Manager 2021.1.1/2022/2024
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
network
low complexity
ivanti
7.5
2025-01-14 CVE-2024-13180 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information.
network
low complexity
ivanti CWE-22
7.5
2025-01-08 CVE-2025-0283 Out-of-bounds Write vulnerability in Ivanti Connect Secure 7.1/7.4
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.
local
high complexity
ivanti CWE-787
7.0
2024-12-11 CVE-2024-10251 Incorrect Default Permissions vulnerability in Ivanti Security Controls
Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation.
local
low complexity
ivanti CWE-276
7.8
2024-12-11 CVE-2024-11597 Incorrect Default Permissions vulnerability in Ivanti Performance Manager 2023.3/2024.1/2024.3
Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege escalation.
local
low complexity
ivanti CWE-276
7.8