Vulnerabilities > Ivanti > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-17 | CVE-2019-19675 | Incorrect Default Permissions vulnerability in Ivanti Workspace Control In Ivanti Workspace Control before 10.3.180.0. | 4.4 |
| 2019-06-28 | CVE-2018-20814 | Cross-site Scripting vulnerability in multiple products An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. | 6.1 |
| 2019-06-28 | CVE-2018-20811 | Information Exposure vulnerability in Ivanti Connect Secure 8.1/8.3 A hidden RPC service issue was found with Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2 and 8.1RX before 8.1R12. | 5.3 |
| 2019-06-28 | CVE-2018-20808 | Cross-site Scripting vulnerability in Ivanti Connect Secure 8.3 An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. | 6.1 |
| 2019-06-28 | CVE-2018-20807 | Cross-site Scripting vulnerability in Ivanti Connect Secure 8.1/8.2/8.3 An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 due to one of the URL parameters not being sanitized properly. | 6.1 |
| 2019-06-03 | CVE-2019-12375 | Files or Directories Accessible to External Parties vulnerability in Ivanti Landesk Management Suite 10.0.1.168 Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution. | 4.1 |
| 2019-06-03 | CVE-2019-12374 | SQL Injection vulnerability in Ivanti Landesk Management Suite 10.0.1.168 A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll. | 6.8 |
| 2019-05-08 | CVE-2019-11507 | Cross-site Scripting vulnerability in Ivanti Connect Secure 8.3/9.0 In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page. | 6.1 |
| 2019-04-26 | CVE-2019-11543 | Cross-site Scripting vulnerability in multiple products XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1. | 6.1 |
| 2019-04-05 | CVE-2019-10885 | Permissions, Privileges, and Access Controls vulnerability in Ivanti Workspace Control An issue was discovered in Ivanti Workspace Control before 10.3.90.0. | 4.6 |