Vulnerabilities > Ivanti > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-12 | CVE-2024-50324 | Path Traversal vulnerability in Ivanti Endpoint Manager Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-11-12 | CVE-2024-50326 | SQL Injection vulnerability in Ivanti Endpoint Manager SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-11-12 | CVE-2024-50327 | SQL Injection vulnerability in Ivanti Endpoint Manager SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-11-12 | CVE-2024-50328 | SQL Injection vulnerability in Ivanti Endpoint Manager SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-11-12 | CVE-2024-50329 | Path Traversal vulnerability in Ivanti Endpoint Manager Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. | 8.8 |
| 2024-11-12 | CVE-2024-50331 | Out-of-bounds Read vulnerability in Ivanti Avalanche An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. | 7.5 |
| 2024-11-12 | CVE-2024-8495 | NULL Pointer Dereference vulnerability in Ivanti Connect Secure 22.7/7.1/7.4 A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |
| 2024-11-12 | CVE-2024-9420 | Use After Free vulnerability in Ivanti Connect Secure 7.1/7.4 A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution | 8.8 |
| 2024-10-08 | CVE-2024-47007 | NULL Pointer Dereference vulnerability in Ivanti Avalanche A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service. | 7.5 |
| 2024-10-08 | CVE-2024-47008 | Server-Side Request Forgery (SSRF) vulnerability in Ivanti Avalanche Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. | 7.5 |