Lucene search
+L
IvantiMost viewed

286 matches found

ivanti
ivanti
added 2025/01/13 9:46 p.m.23 views

Security Advisory EPM January 2025 for EPM 2024 and EPM 2022 SU6

Update Regarding Ivanti EPM Endpoint Manager Downloads As part of our ongoing efforts to enhance your experience and streamline our processes we have migrated the software downloads from the Ivanti Community to the Ivanti License System ILS. You will continue to use your current Ivanti Single...

9.8CVSS9.7AI score0.99762EPSS
Exploits4
ivanti
ivanti
added 2024/08/20 8:10 a.m.23 views

N-MDM -- Impact of CVE-2024-4603 on N-MDM and N-MDM connector

Issue Summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

5.3CVSS6.8AI score0.01131EPSS
Exploits0
ivanti
ivanti
added 2023/02/14 7:22 a.m.23 views

SA40886 - ssl3_read_bytes Function Denial of Service Vulnerability (CVE-2016-8610)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A denial of service flaw due to improperly handling of warning packets during a TLS/SSL connection handshake. A remote attacker could use this flaw to consume an excessive amount of CPU...

7.5CVSS7AI score0.39657EPSS
Exploits1
ivanti
ivanti
added 2023/02/14 7:22 a.m.22 views

JSA10544 - 2012-11 Security Bulletin: Steel-Belted Radius: Multiple OpenSSL Vulnerabilities

Problem OpenSSL software distributed with Steel-Belted Radius is vulnerable to CVE-2011-4619, and CVE-2011-4576. These may allow decrypting encrypted information or cause a denial of service condition for the Steel-Belted Radius server. CVE-2011-4576 The SSL 3.0 implementation in OpenSSL before...

5CVSS7.5AI score0.16645EPSS
Exploits0
ivanti
ivanti
added 2023/02/14 7:22 a.m.22 views

JSA10591 - 2013-09 Security Bulletin: Pulse Connect Secure and Pulse Policy Secure: Multiple OpenSSL vulnerabilities

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Multiple OpenSSL vulnerabilities have been found in the PCS and PPS devices. CVE| Issue| CVE Description| CVSS Score ---|---|---|--- CVE-2012-2131| OpenSSL buffer overflow issue| Multip...

7.5CVSS8.6AI score0.35584EPSS
Exploits1
ivanti
ivanti
added 2023/02/14 7:22 a.m.22 views

SA40018 - System vulnerability issue in terms of CVE-2011-3188

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This article describes the issue of System vulnerability, which is related to CVE-2011-3188. Customer used security audit tools to verify if PCS is vulnerable and it reported the...

9.1CVSS6.7AI score0.05798EPSS
Exploits0
ivanti
ivanti
added 2023/02/14 7:22 a.m.22 views

SA44019 - February 26 2019 OpenSSL Security Advisory

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On February 26 2019, the OpenSSL project announced a group of new security advisories. These issues may affect Pulse Secure products. Refer to KB43892 - What releases will Pulse Secure...

5.9CVSS7.1AI score0.17139EPSS
Exploits0
ivanti
ivanti
added 2023/07/19 8:13 p.m.21 views

SA-2023-07-19-CVE-2023-35077

SECURITY ADVISORY 07-19-2023 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for Ivanti Antivirus Security Content version 7.94791 and all previous versions. Updating to Ivanti Antivirus Product version 7.9.1.285 will allow the Security Content version to update ...

8.1CVSS7.1AI score0.01498EPSS
Exploits0
ivanti
ivanti
added 2023/02/14 7:22 a.m.21 views

JSA10569 - 2013-05 Security Bulletin: Steel Belted Radius: OpenSSL vulnerability CVE-2012-2110

Problem OpenSSL software provided with Steel-Belted Radius SBR Enterprise is vulnerable to CVE-2012-2110. This may allow code execution type of attacks using crafted certificates. Related Links Acknowledgements Risk Level High Risk Assessment Workaround There are no known workarounds that can...

7.5CVSS7.8AI score0.48298EPSS
Exploits8
ivanti
ivanti
added 2023/02/14 7:22 a.m.21 views

SA40003 - [Pulse Secure] July 9th 2015 OpenSSL Security Advisory (CVE-2015-1793)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On July 9th, 2015 the OpenSSL project announced a new high severity security advisory Alternative chains certificate forgery CVE-2015-1793. This issue does not affect Pulse Secure...

6.5CVSS6.9AI score0.61798EPSS
Exploits6
ivanti
ivanti
added 2023/02/14 7:22 a.m.21 views

JSA10396 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) - OpenSSL - Incorrect checks for malformed signatures on DSA and ECDSA keys used with SSL/TLS on backend servers. CVE-2008-5077.

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Several functions inside OpenSSL incorrectly checked the result after calling the EVPVerifyFinal function, allowing a malformed signature to be treated as a good signature rather than ...

5.8CVSS6.8AI score0.05146EPSS
Exploits1
ivanti
ivanti
added 2023/02/14 7:22 a.m.21 views

SA40001 - [Pulse Secure] OpenSSL security advisory for March 19th, 2015

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On March 19th the OpenSSL project released a new security advisory. This advisory can be viewed here: http://openssl.org/news/secadv20150319.txt All products are not vulnerable to the...

7.5CVSS6.9AI score0.44503EPSS
Exploits1
ivanti
ivanti
added 2023/02/14 7:22 a.m.21 views

SA40161 - [Pulse Secure] glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A buffer overflow issue was found in the glibc library. This issue was originally publicized via this post:...

8.1CVSS7.4AI score0.89557EPSS
Exploits17
ivanti
ivanti
added 2023/02/14 7:22 a.m.21 views

SA43730 - 2018-04 Security Bulletin: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0R1 and vTM 18.1

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This advisory provides information about multiple vulnerabilities resolved in Pulse Connect Secure 9.0R1, Pulse Policy Secure 9.0R1 and Virtual Traffic Manager 18.1 releases. Refer to...

8.6CVSS6.6AI score0.28966EPSS
Exploits1
ivanti
ivanti
added 2023/02/14 7:22 a.m.21 views

SA45470 - OpenSSL Security Advisory CVE-2021-4154

Last Modified Date Apr 21, 2025 9:02:45 AM...

8.8CVSS6.7AI score0.01206EPSS
Exploits2
ivanti
ivanti
added 2022/02/24 4:35 p.m.21 views

CVE-2022-0185

Affected Version| - None of MobileIron Core - None of MobileIron Sentry - None of MobileIron Connector ---|--- Question: Are Mobileiron Products vulnerable to CVE-2022-0185 MobileIron server products are not affected. This issue affects the Linux kernel packages as shipped with Red Hat...

8.4CVSS7.1AI score0.25151EPSS
Exploits11
ivanti
ivanti
added 2026/06/09 1:58 p.m.20 views

Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-10727)

Update 11 June: FAQ Updated Summary Ivanti has released updates for Ivanti Endpoint Manager Mobile EPMM which addresses one high severity vulnerability. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details CVE Number | Descriptio...

7.2CVSS6.1AI score0.01634EPSS
Exploits0
ivanti
ivanti
added 2025/07/08 1:59 p.m.20 views

Security Advisory July 2025 for Ivanti EPM 2024 SU2 and EPM 2022 SU8

Security Advisory Ivanti EPM 2022 SU8 and EPM 2024 SU2 Multiple CVEs Summary Ivanti has released updates for Ivanti Endpoint Manager EPM which addresses three high severity vulnerabilities. The Security vulnerability affects the Core, Remote Consoles and Windows agents. We are not aware of any...

8.4CVSS7.1AI score0.00883EPSS
Exploits0
ivanti
ivanti
added 2024/10/08 2:24 p.m.20 views

Security Advisory Ivanti CSA (Cloud Services Application) (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)

Summary Ivanti has released updates for Ivanti CSA Cloud Services Application which addresses a medium severity and two high severity vulnerabilities. Successful exploitation could lead to an attacker with admin privileges to bypass restrictions, run arbitrary SQL statements or obtain remote code...

7.2CVSS8.9AI score0.62785EPSS
Exploits0
ivanti
ivanti
added 2024/08/13 2:0 p.m.20 views

Security Advisory Ivanti Avalanche 6.4.4 (CVE-2024-38652, CVE-2024-38653, CVE-2024-36136, CVE-2024-37399, CVE-2024-37373)

Ivanti has released updates for Ivanti Avalanche, in version 6.4.4, which addresses high severity vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability Details: CVE Number | Description | CVSS Score Severity | CVSS...

9.1CVSS7.8AI score0.91984EPSS
Exploits1
ivanti
ivanti
added 2024/05/21 4:7 p.m.20 views

KB Security Advisory EPM May 2024

Last Modified Date Apr 21, 2025 4:11:34 PM...

5.9AI score
Exploits0
ivanti
ivanti
added 2023/02/14 7:22 a.m.20 views

SA40140 - Pulse Secure response to CVE-2016-0777 and CVE-2016-0778

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. OpenSSH has announced two security issues: CVE-2016-0777 and CVE-2016-0778 CVE-2016-0777 CVE-2016-0778 Pulse Secure products are not vulnerable to CVE-2016-0777 and CVE-2016-0778. Our...

8.1CVSS6.9AI score0.63468EPSS
Exploits3
ivanti
ivanti
added 2023/02/14 7:22 a.m.20 views

SA44858 - 9.1R12 Security Fixes

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Resolutions for Pulse Connect Secure CVEs Issue: As part of a rigorous code review that we have undertaken in close partnership with industry-leading third-party experts, we have...

7.2CVSS7.9AI score0.07828EPSS
Exploits1
ivanti
ivanti
added 2023/02/10 7:30 a.m.20 views

Impact of CVE-2023-22809 on EPMM, Sentry and Connector

Last Modified Date Mar 8, 2024 8:33:11 PM...

7.8CVSS7.1AI score0.55367EPSS
Exploits20
ivanti
ivanti
added 2023/02/14 7:22 a.m.19 views

SA40196 - [Pulse Secure] Badlock security advisory (CVE-2016-2118)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. The Samba team has released 8 new security advisories. The issue known as "Badlock" was included in this new group of issues. CVE-2016-2118 SAMR and LSA man in the middle attacks possib...

7.5CVSS6.8AI score0.3693EPSS
Exploits0
ivanti
ivanti
added 2026/06/09 2:0 p.m.18 views

Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523)

Last Modified Date Jun 16, 2026 12:48:48 AM...

10CVSS7.1AI score0.99041EPSS
Exploits6
ivanti
ivanti
added 2023/12/18 10:3 p.m.18 views

Avalanche 6.4.2 Security Hardening and CVEs addressed

Avalanche 6.4.2 has addressed some new security hardening in our 2023 Quarter 4 release. To address the security vulnerabilities listed below, it is highly recommended to download the Avalanche installer and udpate to the latest Avalanche 6.4.2. The installation will apply a fix for each CVE list...

9.8CVSS9.1AI score0.91EPSS
Exploits0
ivanti
ivanti
added 2023/10/19 9:32 p.m.18 views

CVE-2023-38041 New client side release to address a privilege escalation on Windows user machines

Summary A vulnerability exists on all versions of the Ivanti Secure Access Client Below 22.6R1 that would allow an unprivileged local user to gain unauthorized elevated privileges on the affected system. Mitigation Currently None Resoluiton To resolve the below mentioned vulnerability upgrade you...

7.8CVSS6.8AI score0.00672EPSS
Exploits0
ivanti
ivanti
added 2023/02/14 7:22 a.m.18 views

SA43903 - Response to SegmentSmack (CVE-2018-5390) and FragmentSmack (CVE-2018-5391)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. SegmentSmack CVE-2018-5390 and FragmentSmack CVE-2018-5391 are described as a TCP implementation denial of service vulnerability. A remote attacker can send crafted sequences of TCP/IP...

7.8CVSS7.1AI score0.7354EPSS
Exploits0
ivanti
ivanti
added 2024/12/10 6:17 p.m.17 views

Security Advisory Ivanti Sentry (CVE-2024-8540)

Security Advisory Ivanti Sentry CVE-2024-8540 Summary Ivanti has released updates for Ivanti Sentry which addresses one high severity vulnerability. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability Details: CVE Number | Descriptio...

8.8CVSS6.7AI score0.00252EPSS
Exploits0
ivanti
ivanti
added 2023/11/09 11:59 p.m.17 views

Security fixes included in the latest Ivanti Secure Access Client Release

Description Resolutions for Pulse Desktop Client and the Ivanti Secure Access Client Issues: As part of Ivanti’s commitment to continuous security hardening the following vulnerabilities have been discovered and resolved. To our knowledge, none of the CVEs identified in this review have been...

8.8CVSS7.3AI score0.00713EPSS
Exploits1
ivanti
ivanti
added 2023/02/14 7:22 a.m.17 views

SA45476 - Client Side Desync Attack (Informational)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Portswigger has provided a responsible disclosure of a vulnerability that affects the Pulse Collaboration feature. Their write up can be found here:...

5.4CVSS6.5AI score0.45229EPSS
Exploits0
ivanti
ivanti
added 2026/07/03 11:45 a.m.16 views

SAML 2.0 SP signature validation behaviour from ICS 25.1.3.0

Last Modified Date Jul 3, 2026 11:45:26 AM...

5.9AI score
Exploits0
ivanti
ivanti
added 2024/12/11 3:1 p.m.16 views

Security Advisory - Ivanti Security Controls (ISeC) (CVE-2024-10251)

Security Advisory Ivanti Security Controls iSec CVE-2024-10251 Summary Ivanti has released an update for the Ivanti Security Controls console which addresses one high severity vulnerability. Successful exploitation could lead to local privilege escalation. We are not aware of any customers being...

7.8CVSS6.7AI score0.0021EPSS
Exploits0
ivanti
ivanti
added 2024/11/11 4:57 p.m.16 views

Security Advisory Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Ivanti Secure Access Client (ISAC) (Multiple CVEs)

Summary Ivanti has released updates for Ivanti Connect Secure ICS,Ivanti Policy Secure IPS and Ivanti Secure Access Client ISAC which addresses medium, high and critical vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure...

9.1CVSS8.9AI score0.02014EPSS
Exploits0
ivanti
ivanti
added 2024/11/11 3:11 p.m.16 views

Security Advisory Ivanti Avalanche (Multiple CVEs) - Q4 2024 Release

Summary Ivanti has released updates for Ivanti Avalanche which addresses five high severity vulnerabilities. Successful exploitation could lead to denial of service to legitimate users or leaking of sensitive information. We are not aware of any customers being exploited by these vulnerabilities ...

7.5CVSS7.4AI score0.31235EPSS
Exploits0
ivanti
ivanti
added 2025/10/31 3:15 p.m.15 views

Impact Of CVE-2025-55752 And CVE-2025-55754 On EPMM, Sentry, Connector

Last Modified Date Oct 31, 2025 3:15:00 PM...

9.6CVSS8.8AI score0.66535EPSS
Exploits4
ivanti
ivanti
added 2024/10/07 4:41 p.m.15 views

Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2024-7612) 

Summary: Ivanti has released updates for Ivanti EPMM which addresses a high severity vulnerability. Successful exploitation could lead to an authenticated attacker accessing or modifying configuration files. We are not aware of any customers being exploited by these vulnerabilities at the time of...

8.8CVSS6.7AI score0.00241EPSS
Exploits0
ivanti
ivanti
added 2024/08/13 2:0 p.m.15 views

Security Advisory: Ivanti Neurons for ITSM (CVE-2024-7569, CVE-2024-7570)

Ivanti has released updates for Ivanti Neurons for ITSM which addresses a critical severity vulnerability and a high severity vulnerability. Please note: the patch has been applied to all Ivanti Neurons for ITSM Cloud landscapes as of August 4. No further action is needed for cloud customers, we...

9.8CVSS6.8AI score0.01639EPSS
Exploits0
ivanti
ivanti
added 2024/07/16 4:15 p.m.15 views

Security Advisory CVE-2024-37403 (Dirty Stream) for Ivanti Docs@Work for Android

Last Modified Date Jul 17, 2024 2:20:01 PM...

5.5CVSS6AI score0.00459EPSS
Exploits0
ivanti
ivanti
added 2023/12/04 8:39 p.m.15 views

Security patch release - Ivanti Connect Secure 22.6R2 and 22.6R2.1

Resolutions for Ivanti Connect Secure Security Issues: As part of Ivanti's commitment to continuous security hardening, Ivanti has released a security update for Ivanti Connect Secure. This update resolves important vulnerabilities. To our knowledge, none of the CVEs identified in this review hav...

7.8CVSS8.4AI score0.03366EPSS
Exploits0
ivanti
ivanti
added 2026/06/01 1:56 p.m.14 views

Security Advisory Ivanti Neurons for ITSM (CVE-2026-9614)

Ivanti has released updates for Ivanti Neurons for ITSM which addresses one high severity vulnerability. Successful exploitation could lead to authenticated privilege escalation to an administrator. We are not aware of any customers being exploited by this vulnerability at the time of disclosure...

8.8CVSS5.8AI score0.0144EPSS
Exploits0
ivanti
ivanti
added 2025/07/07 8:33 a.m.14 views

Impact Of CVE-2025-32462, CVE-2025-32463 On Ivanti EPMM and Sentry

Last Modified Date Oct 16, 2025 7:23:33 PM...

9.3CVSS6.8AI score0.47467EPSS
Exploits77
ivanti
ivanti
added 2025/05/13 2:0 p.m.14 views

Security Advisory Ivanti Cloud Services Application (CVE-2025-22460)

Summary: Ivanti has released updates for Ivanti Cloud Services Application which addresses one high severity vulnerability. Successful exploitation could lead to local privilege escalation. We are not aware of any customers being exploited by this vulnerability at the time of disclosure...

7.8CVSS7.4AI score0.00326EPSS
Exploits0
ivanti
ivanti
added 2024/10/08 2:21 p.m.14 views

Security Advisory Velocity License Server (CVE-2024-9167)

Summary Ivanti has released updates for the Velocity License Server which addresses a high-severity vulnerability. Successful exploitation could lead to local privilege escalation. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability...

7.8CVSS7AI score0.00227EPSS
Exploits0
ivanti
ivanti
added 2024/09/10 2:4 p.m.14 views

Security Advisory Ivanti Workspace Control (IWC)

Summary Ivanti has released a version of a new product architecture for Ivanti Workspace Control IWC which addresses high and critical vulnerabilities. Successful exploitation could lead to an escalation of privileges and lateral movement. IWC is intended to be a non-internet facing product, and...

8.8CVSS9.4AI score0.00268EPSS
Exploits0
ivanti
ivanti
added 2024/09/10 2:0 p.m.14 views

Security Advisory Ivanti Cloud Service Appliance (CSA) (CVE-2024-8190)

Summary Ivanti has released a security update for Ivanti CSA 4.6 which addresses a high severity vulnerability. Successful exploitation could lead to unauthorized access to the device running the CSA. Dual-homed CSA configurations with eth0 as an internal network, as recommended by Ivanti, are at...

7.2CVSS9.3AI score0.88955EPSS
Exploits2
ivanti
ivanti
added 2024/09/10 1:47 p.m.14 views

Security Advisory EPM September 2024 for EPM 2024 and EPM 2022

Update Regarding Ivanti EPM Endpoint Manager Downloads As part of our ongoing efforts to enhance your experience and streamline our processes we have migrated the software downloads from the Ivanti Community to the Ivanti License System ILS. You will continue to use your current Ivanti Single...

10CVSS9AI score0.59257EPSS
Exploits3
ivanti
ivanti
added 2024/05/13 6:32 p.m.14 views

Avalanche 6.4.3.602 - additional security hardening and CVE fixed

Last Modified Date Aug 16, 2024 6:00:39 PM...

7.2CVSS7.2AI score0.64423EPSS
Exploits0
ivanti
ivanti
added 2024/04/02 4:12 p.m.14 views

SA:CVE-2024-21894 (Heap Overflow), CVE-2024-22052 (Null Pointer Dereference), CVE-2024-22053 (Heap Overflow), CVE-2024-22023 (XML entity expansion or XXE) and CVE-2024-29205 for Ivanti Connect Secure and Ivanti Policy Secure Gateways

Vulnerabilities have been discovered in Ivanti Connect Secure ICS, formerly known as Pulse Connect Secure and Ivanti Policy Secure gateways and a patch is available now. These vulnerabilities impact all supported versions – Version 9.x and 22.x refer to Granular Software Release EOL Timelines and...

9.8CVSS8.1AI score0.18987EPSS
Exploits0
Total number of security vulnerabilities286