Vulnerabilities in Ivanti
376 results

CVE-2024-47907 | HIGH | EPSS 1.5%
A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a

CVE-2024-37401 | HIGH | EPSS 1.4%
An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial o

CVE-2026-9614 | HIGH | EPSS 1.4%
An Improper Access Control vulnerability in Ivanti Neurons for ITSM (cloud and on-premises) allows a remote authenticated attacker to gain a

CVE-2024-9420 | HIGH | EPSS 1.4%
A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a r

CVE-2024-23533 | MEDIUM | EPSS 1.4%
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an aut

CVE-2024-8495 | HIGH | EPSS 1.3%
A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote

CVE-2024-38657 | CRITICAL | EPSS 1.3%
External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a r

CVE-2024-36132 | HIGH | EPSS 1.2%
Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access

CVE-2024-47007 | HIGH | EPSS 1.2%
A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to ca

CVE-2024-8320 | MEDIUM | EPSS 1.2%
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated atta

CVE-2025-43716 | MEDIUM | EPSS 1.2%
A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9. By appending %3F.php to the URI of the /cli

CVE-2025-8297 | HIGH | EPSS 1.1%
Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin priv

CVE-2025-13661 | HIGH | EPSS 1.1%
Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outs

CVE-2024-22060 | HIGH | EPSS 1.1%
An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user t

CVE-2024-50317 | HIGH | EPSS 1.1%
A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

CVE-2024-50321 | HIGH | EPSS 1.1%
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

CVE-2024-50318 | HIGH | EPSS 1.1%
A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

CVE-2024-50319 | HIGH | EPSS 1.1%
An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

CVE-2025-22461 | HIGH | EPSS 1.1%
SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admi

CVE-2024-22026 | MEDIUM | EPSS 1.1%
A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execut