Vulnerabilities > Ivanti > High

DATE CVE VULNERABILITY TITLE RISK
2020-09-30 CVE-2020-8243 Code Injection vulnerability in multiple products
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.
network
low complexity
pulsesecure ivanti CWE-94
7.2
2020-07-30 CVE-2020-8219 Incorrect Default Permissions vulnerability in multiple products
An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator.
network
low complexity
pulsesecure ivanti CWE-276
7.2
2020-07-30 CVE-2020-8218 Code Injection vulnerability in multiple products
A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.
network
low complexity
pulsesecure ivanti CWE-94
7.2
2020-07-30 CVE-2020-8206 Improper Authentication vulnerability in multiple products
An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP.
network
high complexity
pulsesecure ivanti CWE-287
8.1
2020-05-18 CVE-2019-17066 Improper Privilege Management vulnerability in Ivanti Workspace Control
In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries.
local
low complexity
ivanti CWE-269
7.8
2019-12-17 CVE-2019-19675 Incorrect Default Permissions vulnerability in Ivanti Workspace Control
In Ivanti Workspace Control before 10.3.180.0.
local
low complexity
ivanti CWE-276
7.8
2019-06-28 CVE-2018-20809 Improper Input Validation vulnerability in multiple products
A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5.
network
low complexity
pulsesecure ivanti CWE-20
7.5
2019-06-19 CVE-2019-11478 Resource Exhaustion vulnerability in multiple products
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences.
network
low complexity
linux f5 canonical redhat pulsesecure ivanti CWE-400
7.5
2019-06-19 CVE-2019-11477 Integer Overflow or Wraparound vulnerability in multiple products
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs).
network
low complexity
linux f5 canonical redhat pulsesecure ivanti CWE-190
7.5
2019-06-03 CVE-2019-12374 SQL Injection vulnerability in Ivanti Landesk Management Suite 10.0.1.168
A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll.
network
high complexity
ivanti CWE-89
8.1