Vulnerabilidades em Ivanti
376 resultadosCVE-2024-36130CRITICALAn insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network toEPSS 2.3%CVE-2024-10644CRITICALCode injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticatEPSS 2.2%CVE-2023-32561HIGHA previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authenticaEPSS 2.2%CVE-2024-36136HIGHAn off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting EPSS 2.2%CVE-2024-13170HIGHAn out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote EPSS 2.2%CVE-2024-32842CRITICALAn unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin pEPSS 2.1%CVE-2024-32846CRITICALAn unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin pEPSS 2.1%CVE-2024-32843CRITICALAn unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin pEPSS 2.1%CVE-2023-32567MEDIUMIvanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236EPSS 2.1%CVE-2023-32566MEDIUMAn attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. FEPSS 2.1%CVE-2024-13165HIGHAn out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote EPSS 2.1%CVE-2024-13168HIGHAn out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote EPSS 2.1%CVE-2024-13167HIGHAn out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote EPSS 2.1%CVE-2024-37400HIGHAn out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop,EPSS 2.0%CVE-2023-32565MEDIUMAn attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. FEPSS 2.0%CVE-2023-46808CRITICALAn file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. SuccessEPSS 2.0%CVE-2024-23527MEDIUMAn out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unaEPSS 2.0%CVE-2024-13166HIGHAn out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote EPSS 2.0%CVE-2026-8051HIGHOS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges toEPSS 1.9%CVE-2024-39710CRITICALArgument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a rEPSS 1.9%