Vulnerabilities > Ivanti > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-10-08 | CVE-2024-47008 | Server-Side Request Forgery (SSRF) vulnerability in Ivanti Avalanche | Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. | network, low complexity, ivanti, CWE-918, 7.5 |
| 2024-10-08 | CVE-2024-47011 | Path Traversal vulnerability in Ivanti Avalanche | Path traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. | network, low complexity, ivanti, CWE-22, 7.5 |
| 2024-10-08 | CVE-2024-7612 | Incorrect Permission Assignment for Critical Resource vulnerability in Ivanti Endpoint Manager Mobile | Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components. | local, low complexity, ivanti, CWE-732, 7.8 |
| 2024-10-08 | CVE-2024-9379 | SQL Injection vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6 | SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. | network, low complexity, ivanti, CWE-89, 7.2 |
| 2024-10-08 | CVE-2024-9380 | OS Command Injection vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6 | An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. | network, low complexity, ivanti, CWE-78, 7.2 |
| 2024-10-08 | CVE-2024-9381 | Path Traversal vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6 | Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. | network, low complexity, ivanti, CWE-22, 7.2 |
| 2024-09-12 | CVE-2024-32840 | SQL Injection vulnerability in Ivanti Endpoint Manager | An unspecified SQL injection in Ivanti EPM before 2022 SU6 or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | network, low complexity, ivanti, CWE-89, 7.2 |
| 2024-09-12 | CVE-2024-32842 | SQL Injection vulnerability in Ivanti Endpoint Manager | An unspecified SQL injection in Ivanti EPM before 2022 SU6 or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | network, low complexity, ivanti, CWE-89, 7.2 |
| 2024-09-12 | CVE-2024-32843 | SQL Injection vulnerability in Ivanti Endpoint Manager | An unspecified SQL injection in Ivanti EPM before 2022 SU6 or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | network, low complexity, ivanti, CWE-89, 7.2 |
| 2024-09-12 | CVE-2024-32845 | SQL Injection vulnerability in Ivanti Endpoint Manager | An unspecified SQL injection in Ivanti EPM before 2022 SU6 or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | network, low complexity, ivanti, CWE-89, 7.2 |