Vulnerabilities in Ivanti
376 results

CVE-2025-7037 | HIGH | EPSS 0.9% | SQL injection in Ivanti Endpoint Manager
CVE-2024-11004 | MEDIUM | EPSS 0.9% | Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthentica
CVE-2026-8043 | CRITICAL | EPSS 0.9% | External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and
CVE-2025-55141 | HIGH | EPSS 0.9% | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.
CVE-2025-55142 | HIGH | EPSS 0.9% | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.
CVE-2025-55139 | MEDIUM | EPSS 0.8% | SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Iva
CVE-2023-39338 | MEDIUM | EPSS 0.8% | Enables an authenticated user (enrolled device) to access a service protected by Sentry even if they are not authorized according to the sen
CVE-2026-5788 | HIGH | EPSS 0.8% | An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invok
CVE-2022-44569 | HIGH | EPSS 0.8% | A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.
CVE-2025-11623 | MEDIUM | EPSS 0.8% | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the data
CVE-2025-62383 | MEDIUM | EPSS 0.8% | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the data
CVE-2025-62384 | MEDIUM | EPSS 0.8% | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the data
CVE-2025-62388 | MEDIUM | EPSS 0.8% | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the data
CVE-2025-62392 | MEDIUM | EPSS 0.8% | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the data
CVE-2025-62385 | MEDIUM | EPSS 0.8% | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the data
CVE-2025-62391 | MEDIUM | EPSS 0.8% | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the data
CVE-2025-62386 | MEDIUM | EPSS 0.8% | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the data
CVE-2025-55146 | MEDIUM | EPSS 0.7% | An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway befor
CVE-2025-11622 | HIGH | EPSS 0.7% | Insecure deserialization in Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to escalate their privileg
CVE-2025-8310 | MEDIUM | EPSS 0.7% | Missing authorization in the admin console of Ivanti Virtual Application Delivery Controller before version 22.9 allows a remote authenticat