Filtered by vendor Ivanti
Subscribe
Total
416 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-34298 | 1 Ivanti | 3 Pulse Secure Desktop Client, Pulse Secure Installer Service, Secure Access Client | 2025-08-13 | N/A | 7.8 HIGH |
Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within SetupService. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service. Was ZDI-CAN-17687. | |||||
CVE-2024-9167 | 1 Ivanti | 1 Velocity License Server | 2025-08-13 | N/A | 7.8 HIGH |
Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation. | |||||
CVE-2024-10256 | 1 Ivanti | 6 Endpoint Manager, Neurons Agent Platform, Neurons For Patch Management and 3 more | 2025-08-12 | N/A | 7.1 HIGH |
Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files. | |||||
CVE-2024-13158 | 1 Ivanti | 1 Endpoint Manager | 2025-08-12 | N/A | 7.2 HIGH |
An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
CVE-2020-8218 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Policy Secure, Pulse Policy Secure | 2025-07-30 | 6.5 MEDIUM | 7.2 HIGH |
A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface. | |||||
CVE-2024-8540 | 1 Ivanti | 1 Standalone Sentry | 2025-07-30 | N/A | 8.8 HIGH |
Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components. | |||||
CVE-2023-38036 | 1 Ivanti | 1 Avalanche | 2025-07-17 | N/A | 9.8 CRITICAL |
A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary code execution. | |||||
CVE-2023-39339 | 1 Ivanti | 1 Policy Secure | 2025-07-17 | N/A | 4.9 MEDIUM |
A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request. | |||||
CVE-2024-38648 | 1 Ivanti | 1 Desktop \& Server Management | 2025-07-17 | N/A | 5.7 MEDIUM |
A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials. | |||||
CVE-2025-22460 | 1 Ivanti | 1 Cloud Services Appliance | 2025-07-16 | N/A | 7.8 HIGH |
Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges. | |||||
CVE-2025-22462 | 1 Ivanti | 1 Neurons For Itsm | 2025-07-16 | N/A | 9.8 CRITICAL |
An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system. | |||||
CVE-2024-12058 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-16 | N/A | 6.8 MEDIUM |
External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files. | |||||
CVE-2025-22454 | 1 Ivanti | 1 Secure Access Client | 2025-07-16 | N/A | 7.8 HIGH |
Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | |||||
CVE-2024-39709 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-16 | N/A | 7.8 HIGH |
Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges. | |||||
CVE-2024-38649 | 1 Ivanti | 1 Connect Secure | 2025-07-16 | N/A | 7.5 HIGH |
An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service. | |||||
CVE-2025-5450 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-15 | N/A | 6.3 MEDIUM |
Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted. | |||||
CVE-2025-5451 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-15 | N/A | 4.9 MEDIUM |
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service. | |||||
CVE-2025-5463 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-15 | N/A | 5.5 MEDIUM |
Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information. | |||||
CVE-2025-0292 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-15 | N/A | 5.5 MEDIUM |
SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services. | |||||
CVE-2025-5464 | 1 Ivanti | 1 Connect Secure | 2025-07-15 | N/A | 6.5 MEDIUM |
Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information. |