Vulnerabilidades en Ivanti
376 resultadosCVE-2024-13164HIGHAn uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a locaEPSS 0.4%CVE-2025-22458HIGHDLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to EPSS 0.4%CVE-2024-8441MEDIUMAn uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker wEPSS 0.4%CVE-2024-13843MEDIUMCleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a EPSS 0.3%CVE-2026-4914MEDIUMStored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain limited information from other user sessiEPSS 0.3%CVE-2025-22455HIGHA hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentialsEPSS 0.3%CVE-2025-5353HIGHA hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentialEPSS 0.3%CVE-2023-38042HIGHA local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEMEPSS 0.3%CVE-2025-22463HIGHA hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environmenEPSS 0.3%CVE-2025-5468MEDIUMImproper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, IvantiEPSS 0.3%CVE-2025-22460HIGHDefault credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privilEPSS 0.3%CVE-2024-37398HIGHInsufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.EPSS 0.3%CVE-2024-13842MEDIUMA hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticatEPSS 0.3%CVE-2023-46810HIGHA local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute cEPSS 0.3%CVE-2025-5464MEDIUMInsertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker toEPSS 0.3%CVE-2025-5463MEDIUMInsertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version EPSS 0.3%CVE-2025-8711MEDIUMCSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and IvaEPSS 0.3%CVE-2024-39709HIGHIncorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version EPSS 0.3%CVE-2023-28129—DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS commands as the DSM software installatioEPSS 0.3%CVE-2024-29211HIGHA race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuratioEPSS 0.3%