Vulnerabilities in Ivanti

376 results
CVE-2025-10242 (HIGH, EPSS 21.1%): OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacke
CVE-2025-9712 (HIGH, EPSS 20.5%): Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to
CVE-2024-8191 (HIGH, EPSS 19.6%): SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker
CVE-2024-21894 (HIGH, EPSS 19.0%): A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated mal
CVE-2024-50324 (HIGH, EPSS 18.2%): Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenti
CVE-2024-34787 (HIGH, EPSS 17.9%): Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthent
CVE-2024-13171 (HIGH, EPSS 17.6%): Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows
CVE-2025-0283 (HIGH, EPSS 17.1%): A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neu
CVE-2024-9381 (HIGH, EPSS 15.7%): Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.
CVE-2022-36971 (CRITICAL, EPSS 15.0%): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although auth
CVE-2025-6771 (HIGH, EPSS 14.8%): OS command injection in Ivanti Endpoint Manager
CVE-2025-9713 (HIGH, EPSS 14.5%): Path traversal in Ivanti Endpoint Manager before version 2024 SU4 allows a remote unauthenticated attacker to achieve remote code execution.
CVE-2025-9872 (HIGH, EPSS 13.5%): Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to
CVE-2023-41724 (CRITICAL, EPSS 12.8%): A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows an unauthenticated threat actor to execute arbitrary commands on the
CVE-2025-6770 (HIGH, EPSS 12.3%): OS command injection in Ivanti Endpoint Manager
CVE-2023-28324 (HIGH, EPSS 11.8%): An improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote c
CVE-2023-46220 (CRITICAL, EPSS 11.3%): An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of
CVE-2023-46225 (CRITICAL, EPSS 11.3%): An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of
CVE-2023-46257 (CRITICAL, EPSS 11.3%): An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of
CVE-2023-46261 (CRITICAL, EPSS 11.3%): An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of