Vulnerabilities > Ivanti > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-15 | CVE-2018-15592 | Improper Privilege Management vulnerability in Ivanti Workspace Control An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. | 4.6 |
| 2018-10-15 | CVE-2018-15591 | Exposure of Resource to Wrong Sphere vulnerability in Ivanti Workspace Control An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. | 4.6 |
| 2018-09-06 | CVE-2018-14366 | Open Redirect vulnerability in multiple products download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability. | 6.1 |
| 2018-06-29 | CVE-2018-8902 | Improper Authentication vulnerability in Ivanti Avalanche An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. | 4.0 |
| 2018-02-15 | CVE-2018-6316 | Incorrect Authorization vulnerability in Ivanti Endpoint Security 8.5 Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass application whitelisting when using the Application Control module on Ivanti Endpoint Security in lockdown mode. | 6.0 |
| 2017-12-11 | CVE-2017-11463 | Permission Issues vulnerability in Ivanti Endpoint Manager 2016.4/2017.1/2017.3 In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. | 6.5 |
| 2016-05-26 | CVE-2016-4792 | Unspecified vulnerability in Ivanti Connect Secure 8.2 Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to disclose sign in pages via unspecified vectors. | 5.3 |
| 2016-05-26 | CVE-2016-4790 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.5 |
| 2016-05-26 | CVE-2016-4789 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-05-26 | CVE-2016-4788 | Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors. | 5.8 |