4374 matches found
Ivanti Endpoint Manager Mobile - Unauthenticated Remote Code Execution
An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials. This leads to unauthenticated Remote Code Execution via unsafe userinput in one of the bean validators which is sink for Server-Side Template Injection. id:...
Ivanti EPM Cloud Services Appliance Code Injection
Ivanti EPM Cloud Services Appliance CSA before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions nobody. id: CVE-2021-44529 info: name: Ivanti EPM Cloud Services Appliance Code Injection...
Ivanti Endpoint Manager - Authentication Bypass
Ivanti Endpoint Manager 2024 SU5 contains an authentication bypass caused by improper access control, letting remote unauthenticated attackers leak stored credential data, exploit requires no special privileges. id: CVE-2026-1603 info: name: Ivanti Endpoint Manager - Authentication Bypass author:...
Ivanti Avalanche 6.3.2 - Local File Inclusion
Ivanti Avalanche 6.3.2 is vulnerable to local file inclusion because it allows remote unauthenticated user to access files that reside outside the 'image' folder. id: CVE-2021-30497 info: name: Ivanti Avalanche 6.3.2 - Local File Inclusion author: gy741 severity: high description: Ivanti Avalanch...
Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcard
A vulnerability in Ivanti Endpoint Manager EPM allows an unauthenticated attacker to coerce the EPM machine account credential via the GetHashForWildcard endpoint. The vulnerability exists due to improper input validation in the wildcard parameter, allowing an attacker to specify a remote UNC pat...
Ivanti Connect Secure - XXE
Ivanti Connect Secure is vulnerable to XXE XML External Entity injection. id: CVE-2024-22024 info: name: Ivanti Connect Secure - XXE author: watchTowr severity: high description: | Ivanti Connect Secure is vulnerable to XXE XML External Entity injection. impact: | Successful exploitation of this...
Ivanti Avalanche - Remote Code Execution
An unauthenticated attacker could achieve the code execution through a RemoteControl server. id: CVE-2023-32563 info: name: Ivanti Avalanche - Remote Code Execution author: princechaddha severity: critical description: An unauthenticated attacker could achieve the code execution through a...
Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcardRecursive
A vulnerability in Ivanti Endpoint Manager EPM allows an unauthenticated attacker to coerce the EPM machine account credential via the GetHashForWildcardRecursive endpoint. The vulnerability exists due to improper input validation in the wildcard parameter, allowing an attacker to specify a remot...
Ivanti EPM - Credential Coercion Vulnerability in GetHashForSingleFile
A vulnerability in Ivanti Endpoint Manager EPM allows an unauthenticated attacker to coerce the EPM machine account credential via the GetHashForSingleFile endpoint. The vulnerability exists due to improper input validation in the wildcard parameter, allowing an attacker to specify a remote UNC...
Ivanti Cloud Services Appliance - Path Traversal
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. id: CVE-2024-8963 info: name: Ivanti Cloud Services Appliance - Path Traversal author: johnk3r severity: critical description: | Path Traversal in the Ivanti CSA befo...
Ivanti Avalanche SmartDeviceServer - XML External Entity
XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server. id: CVE-2024-38653 info: name: Ivanti Avalanche SmartDeviceServer - XML External Entity author: DhiyaneshDK severity: high description: | XXE in SmartDeviceServer in...
The vulnerability of the built-in mobile security firewall Ivanti Sentry arises from the use of an alternative path or channel, which allows a intruder to elevate their privileges and gain full access to the device.
The vulnerability of the built-in mobile security firewall, Ivanti Sentry, relates to bypassing authentication using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to enhance their privileges and gain full access to the device...
MobileIron Core - Remote Unauthenticated API Access
Ivanti Endpoint Manager Mobile EPMM, formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web application’s security filter chain. id: CVE-2023-35082 info: name: MobileIron Core - Remote...
Ivanti vTM - Authentication Bypass
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. id: CVE-2024-7593 info: name: Ivanti vTM - Authentication Bypass author: gy741 severity: critical...
Pulse Connect Secure SSL VPN Arbitrary File Read
Pulse Secure Pulse Connect Secure PCS 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 all contain an arbitrary file reading vulnerability that could allow unauthenticated remote attackers to send a specially crafted URI to gain improper access. id: CVE-2019-11510 info: name: Pulse...
Ivanti EPM - Remote Code Execution
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. id: CVE-2024-29824 info: name: Ivanti EPM - Remote Code Execution author: DhiyaneshDK severity: critical description: | ...
Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection
A command injection vulnerability in web components of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. id: CVE-2024-21887 info: name: Ivanti Connect Secure...
Ivanti SAML - Server Side Request Forgery (SSRF)
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. id: CVE-2024-21893 info: name: Ivanti SAML - Server...
Ivanti ICS - Authentication Bypass
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. id: CVE-2023-46805 info: name: Ivanti ICS - Authentication Bypass author: DhiyaneshDK,daffainfo,geeknik...
Ivanti Sentry - Authentication Bypass
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. id: CVE-2023-38035 info: name: Ivanti...