Vulnerabilities > Ivanti > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-11-03 | CVE-2022-43555 | Missing Authentication for Critical Function vulnerability in Ivanti Avalanche | Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability | local | low complexity | ivanti | CWE-306 | 7.8 |
| 2023-11-03 | CVE-2022-44569 | Improper Authentication vulnerability in Ivanti Automation | A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication. | local | low complexity | ivanti | CWE-287 | 7.8 |
| 2023-11-03 | CVE-2023-41725 | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche | Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability | local | low complexity | ivanti | CWE-434 | 7.8 |
| 2023-11-03 | CVE-2023-41726 | Incorrect Default Permissions vulnerability in Ivanti Avalanche | Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability | local | low complexity | ivanti | CWE-276 | 7.8 |
| 2023-10-25 | CVE-2023-38041 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ivanti Secure Access Client 22.2/22.3/22.5 | A logged-in user may elevate their permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. | local | high complexity | ivanti | CWE-367 | 7.0 |
| 2023-09-21 | CVE-2023-38343 | XXE vulnerability in Ivanti Endpoint Manager | An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. | network | low complexity | ivanti | CWE-611 | 7.5 |
| 2023-08-10 | CVE-2023-28129 | Unspecified vulnerability in Ivanti Desktop & Server Management 2022.2 | DSM 2022.2 SU2 and all prior versions allow a local low-privileged account to execute arbitrary OS commands as the DSM software installation user. | local | low complexity | ivanti | | 7.8 |
| 2023-08-10 | CVE-2023-32561 | Unspecified vulnerability in Ivanti Avalanche | A previously generated artifact by an administrator could be accessed by an attacker. | network | low complexity | ivanti | | 7.5 |
| 2023-08-03 | CVE-2023-35081 | Path Traversal vulnerability in Ivanti Endpoint Manager Mobile | A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance. | network | low complexity | ivanti | CWE-22 | 7.2 |
| 2023-07-21 | CVE-2023-35077 | Out-of-bounds Write vulnerability in Ivanti Endpoint Manager | An out-of-bounds write vulnerability on Windows operating systems causes the Ivanti AntiVirus Product to crash. | network | low complexity | ivanti | CWE-787 | 7.5 |