Filtered by vendor Ivanti
Subscriptions
Total
352 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-21828 | 1 Ivanti | 1 Incapptic Connect | 2024-11-21 | 7.2 High |
| A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using a unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3. | ||||
| CVE-2022-21826 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-11-21 | 5.4 Medium |
| Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS. | ||||
| CVE-2022-21823 | 1 Ivanti | 1 Workspace Control | 2024-11-21 | 5.5 Medium |
| A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector. | ||||
| CVE-2021-44720 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-11-21 | 7.2 High |
| In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role. | ||||
| CVE-2021-42133 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 8.1 High |
| An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write. | ||||
| CVE-2021-42132 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 8.8 High |
| A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. | ||||
| CVE-2021-42131 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 8.8 High |
| A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. | ||||
| CVE-2021-42130 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 8.8 High |
| A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution. | ||||
| CVE-2021-42129 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 8.8 High |
| A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. | ||||
| CVE-2021-42128 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 9.8 Critical |
| An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service. | ||||
| CVE-2021-42127 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 9.8 Critical |
| A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service. | ||||
| CVE-2021-42126 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 8.8 High |
| An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. | ||||
| CVE-2021-42125 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 8.8 High |
| An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files. | ||||
| CVE-2021-42124 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 8.8 High |
| An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover. | ||||
| CVE-2021-3540 | 1 Ivanti | 1 Mobileiron | 2024-11-21 | 6.5 Medium |
| By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0. | ||||
| CVE-2021-3198 | 1 Ivanti | 1 Mobileiron | 2024-11-21 | 6.5 Medium |
| By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0. | ||||
| CVE-2021-38560 | 1 Ivanti | 1 Service Manager | 2024-11-21 | 6.1 Medium |
| Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx. | ||||
| CVE-2021-36235 | 1 Ivanti | 1 Workspace Control | 2024-11-21 | 7.8 High |
| An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges. | ||||
| CVE-2021-30497 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 7.5 High |
| Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value. | ||||
| CVE-2021-22965 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-11-21 | 7.5 High |
| A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device. | ||||