Vulnerabilities > Ivanti > High

DATE CVE VULNERABILITY TITLE RISK
2024-11-12 CVE-2024-50324 Path Traversal vulnerability in Ivanti Endpoint Manager
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-22
7.2
7.2
2024-11-12 CVE-2024-50326 SQL Injection vulnerability in Ivanti Endpoint Manager
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
7.2
2024-11-12 CVE-2024-50327 SQL Injection vulnerability in Ivanti Endpoint Manager
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
7.2
2024-11-12 CVE-2024-50328 SQL Injection vulnerability in Ivanti Endpoint Manager
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
7.2
2024-11-12 CVE-2024-50329 Path Traversal vulnerability in Ivanti Endpoint Manager
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution.
network
low complexity
ivanti CWE-22
8.8
8.8
2024-10-08 CVE-2024-47007 NULL Pointer Dereference vulnerability in Ivanti Avalanche
A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service.
network
low complexity
ivanti CWE-476
7.5
7.5
2024-10-08 CVE-2024-47008 Server-Side Request Forgery (SSRF) vulnerability in Ivanti Avalanche
Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information.
network
low complexity
ivanti CWE-918
7.5
7.5
2024-10-08 CVE-2024-47011 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information
network
low complexity
ivanti CWE-22
7.5
7.5
2024-10-08 CVE-2024-9379 SQL Injection vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6
SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
network
low complexity
ivanti CWE-89
7.2
7.2
2024-10-08 CVE-2024-9380 OS Command Injection vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
network
low complexity
ivanti CWE-78
7.2
7.2