Vulnerabilidades em Ivanti
376 resultadosCVE-2024-24998HIGHA Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitraryEPSS 3.2%CVE-2024-27976HIGHA Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitraryEPSS 3.2%CVE-2024-10811CRITICALAbsolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remoteEPSS 3.2%CVE-2024-37381HIGHAn unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network tEPSS 3.1%CVE-2023-28323CRITICALA deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. ThiEPSS 3.1%CVE-2024-32847HIGHSQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticEPSS 3.1%CVE-2024-37376HIGHSQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticEPSS 3.1%CVE-2024-25000HIGHA Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitraryEPSS 3.0%CVE-2024-22023MEDIUMAn XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unautEPSS 3.0%CVE-2024-24999HIGHA Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitraryEPSS 2.9%CVE-2023-35084—Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previousEPSS 2.8%CVE-2024-13158HIGHAn unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allowEPSS 2.8%CVE-2024-23534HIGHAn Unrestricted File-upload vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to executEPSS 2.7%CVE-2024-27975HIGHAn Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to eEPSS 2.6%CVE-2024-23531HIGHAn Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker EPSS 2.4%CVE-2023-39340HIGHA vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead toEPSS 2.4%CVE-2024-24993HIGHA Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute EPSS 2.4%CVE-2024-24995HIGHA Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute EPSS 2.4%CVE-2024-36131HIGHAn insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbiEPSS 2.3%CVE-2023-39335—A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impEPSS 2.3%