Filtered by vendor Ivanti
Subscribe
Total
416 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39710 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-11 | N/A | 9.1 CRITICAL |
| Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-39711 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-11 | N/A | 9.1 CRITICAL |
| Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-39712 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-11 | N/A | 9.1 CRITICAL |
| Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-37397 | 1 Ivanti | 1 Endpoint Manager | 2025-07-10 | N/A | 8.2 HIGH |
| An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets. | |||||
| CVE-2024-29821 | 1 Ivanti | 1 Desktop \& Server Management | 2025-07-10 | N/A | 7.8 HIGH |
| Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. | |||||
| CVE-2024-29213 | 1 Ivanti | 1 Desktop \& Server Management | 2025-07-10 | N/A | 7.8 HIGH |
| Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. | |||||
| CVE-2024-37381 | 1 Ivanti | 1 Endpoint Manager | 2025-07-10 | N/A | 8.0 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2025-5353 | 1 Ivanti | 1 Workspace Control | 2025-07-10 | N/A | 8.8 HIGH |
| A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials. | |||||
| CVE-2025-22463 | 1 Ivanti | 1 Workspace Control | 2025-07-10 | N/A | 7.3 HIGH |
| A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password. | |||||
| CVE-2025-22455 | 1 Ivanti | 1 Workspace Control | 2025-07-10 | N/A | 8.8 HIGH |
| A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials. | |||||
| CVE-2025-0293 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-10 | N/A | 6.6 MEDIUM |
| CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk. | |||||
| CVE-2024-38657 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-09 | N/A | 4.9 MEDIUM |
| External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files. | |||||
| CVE-2024-37377 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-02 | N/A | 7.5 HIGH |
| A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. | |||||
| CVE-2024-37401 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-02 | N/A | 7.5 HIGH |
| An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service. | |||||
| CVE-2024-22059 | 1 Ivanti | 1 Neurons For Itsm | 2025-06-30 | N/A | 8.8 HIGH |
| A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS. | |||||
| CVE-2024-22060 | 1 Ivanti | 1 Neurons For Itsm | 2025-06-30 | N/A | 4.9 MEDIUM |
| An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server. | |||||
| CVE-2024-37400 | 1 Ivanti | 1 Connect Secure | 2025-06-27 | N/A | 7.5 HIGH |
| An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service. | |||||
| CVE-2024-38654 | 1 Ivanti | 1 Secure Access Client | 2025-06-27 | N/A | 4.4 MEDIUM |
| Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service. | |||||
| CVE-2024-38655 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-06-27 | N/A | 7.2 HIGH |
| Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-38656 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-06-27 | N/A | 9.1 CRITICAL |
| Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||