7 matches found
CVE-2026-8051
OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2026-8051
OS command injection in Ivanti Virtual Traffic Manager before version 22.9r4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2026-8051
CVE-2026-8051 concerns Ivanti Virtual Traffic Manager (vTM). The NVD/CVE entries state an OS command injection vulnerability in vTM prior to version 22.9r4, allowing a remote authenticated attacker with admin privileges to achieve remote code execution. The description identifies affected product...
PT-2026-40041
Name of the Vulnerable Software and Affected Versions Ivanti Virtual Traffic Manager versions prior to 22.9r4 Description OS command injection allows a remote authenticated attacker with admin privileges to achieve remote code execution. Recommendations Update to version 22.9r4 or later...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-7593link is external Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability These types of vulnerabilities are frequent attack vectors for malicious...
The vulnerability of the Ivanti Virtual Traffic Manager (vTM)’s traffic management and load balancing functionality lies in its flawed authentication algorithm implementation, which allows attackers to circumvent existing security restrictions.
The vulnerability of the Ivanti Virtual Traffic Manager vTM in terms of traffic management and load balancing is related to the improper implementation of the authentication algorithm. Exploiting this vulnerability can allow a malicious actor to circumvent existing security restrictions remotely...
VulnCheck KEV: CVE-2024-7593
Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account...