Vulnerabilities > Ivanti > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-15 | CVE-2023-35080 | Unspecified vulnerability in Ivanti Secure Access Client A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure. | 7.8 |
| 2023-11-15 | CVE-2023-38043 | Unspecified vulnerability in Ivanti Secure Access Client A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system. | 7.8 |
| 2023-11-15 | CVE-2023-38543 | Unspecified vulnerability in Ivanti Secure Access Client A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine. | 7.8 |
| 2023-11-15 | CVE-2023-41718 | Unspecified vulnerability in Ivanti Secure Access Client 22.2/22.3 When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file. | 7.8 |
| 2023-11-03 | CVE-2022-43554 | Missing Authentication for Critical Function vulnerability in Ivanti Avalanche Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability | 7.8 |
| 2023-11-03 | CVE-2022-43555 | Missing Authentication for Critical Function vulnerability in Ivanti Avalanche Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability | 7.8 |
| 2023-11-03 | CVE-2022-44569 | Improper Authentication vulnerability in Ivanti Automation A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication. | 7.8 |
| 2023-11-03 | CVE-2023-41725 | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability | 7.8 |
| 2023-11-03 | CVE-2023-41726 | Incorrect Default Permissions vulnerability in Ivanti Avalanche Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability | 7.8 |
| 2023-10-25 | CVE-2023-38041 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ivanti Secure Access Client 22.2/22.3/22.5 A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. | 7.0 |