Vulnerabilities in Ivanti
376 results

CVE-2024-24994 | HIGH
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary
EPSS 68.1%

CVE-2024-34781 | HIGH
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authentic
EPSS 67.7%

CVE-2024-37404 | CRITICAL
Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1
EPSS 67.3%

CVE-2024-29848 | HIGH
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to exec
EPSS 64.4%

CVE-2024-29822 | CRITICAL
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the sam
EPSS 64.4%

CVE-2024-13162 | HIGH
SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authentic
EPSS 64.2%

CVE-2023-35081 | HIGH
A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticat
EPSS 63.3% | KEV

CVE-2024-9380 | HIGH
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker wit
EPSS 63.0% | KEV

CVE-2024-13179 | HIGH
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
EPSS 61.8%

CVE-2024-37397 | HIGH
An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allow
EPSS 59.3%

CVE-2024-47011 | HIGH
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information
EPSS 57.0%

CVE-2024-29847 | CRITICAL
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenti
EPSS 52.9%

CVE-2026-10523 | CRITICAL
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthent
EPSS 47.2%

CVE-2024-47008 | HIGH
Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information.
EPSS 46.6%

CVE-2024-9379 | MEDIUM
SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to ru
EPSS 43.6% | KEV

CVE-2024-32848 | CRITICAL
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin p
EPSS 43.4%

CVE-2024-34783 | CRITICAL
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin p
EPSS 43.4%

CVE-2024-50330 | CRITICAL
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthent
EPSS 40.5%

CVE-2023-32562 | MEDIUM
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker t
EPSS 38.4%

CVE-2024-47010 | HIGH
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
EPSS 38.0%