Vulnerabilities > Ivanti > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-10 | CVE-2023-28129 | Unspecified vulnerability in Ivanti Desktop & Server Management 2022.2 DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS commands as the DSM software installation user. | 7.8 |
| 2023-08-10 | CVE-2023-32561 | Unspecified vulnerability in Ivanti Avalanche A previously generated artifact by an administrator could be accessed by an attacker. | 7.5 |
| 2023-08-03 | CVE-2023-35081 | Path Traversal vulnerability in Ivanti Endpoint Manager Mobile A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance. | 7.2 |
| 2023-07-21 | CVE-2023-35077 | Out-of-bounds Write vulnerability in Ivanti Endpoint Manager An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. | 7.5 |
| 2023-05-09 | CVE-2023-28127 | Path Traversal vulnerability in Ivanti Avalanche A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure. | 7.5 |
| 2023-05-09 | CVE-2023-28128 | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. | 7.2 |
| 2023-03-29 | CVE-2022-36971 | Deserialization of Untrusted Data vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. | 8.8 |
| 2023-03-29 | CVE-2022-36973 | Unspecified vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. | 8.8 |
| 2023-03-29 | CVE-2022-36980 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. | 8.1 |
| 2023-03-29 | CVE-2022-36982 | Unspecified vulnerability in Ivanti Avalanche 6.3.3.101 This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. | 7.5 |