Lucene search
+L
IvantiMost viewed

286 matches found

Ivanti
Ivanti
added 2024/05/13 6:32 p.m.14 views

Avalanche 6.4.3.602 - additional security hardening and CVE fixed

Last Modified Date Aug 16, 2024 6:00:39 PM...

7.2CVSS7.2AI score0.64423EPSS
Exploits0
Ivanti
Ivanti
added 2024/04/02 4:12 p.m.14 views

SA:CVE-2024-21894 (Heap Overflow), CVE-2024-22052 (Null Pointer Dereference), CVE-2024-22053 (Heap Overflow), CVE-2024-22023 (XML entity expansion or XXE) and CVE-2024-29205 for Ivanti Connect Secure and Ivanti Policy Secure Gateways

Vulnerabilities have been discovered in Ivanti Connect Secure ICS, formerly known as Pulse Connect Secure and Ivanti Policy Secure gateways and a patch is available now. These vulnerabilities impact all supported versions – Version 9.x and 22.x refer to Granular Software Release EOL Timelines and...

9.8CVSS8.1AI score0.18987EPSS
Exploits0
Ivanti
Ivanti
added 2024/03/18 5:9 p.m.14 views

Avalanche 6.4.3 Security Hardening and CVEs addressed

Avalanche 6.4.3 has addressed some new security hardening and vulnerabilities in our Q1 2024 release. We are not aware of any exploitation of these vulnerabilities at the time of disclosure. To address the security vulnerabilities listed below, it is highly recommended to download the Avalanche...

9.8CVSS9.3AI score0.70908EPSS
Exploits0
Ivanti
Ivanti
added 2024/01/10 5:48 p.m.14 views

CVE-2023-46805 (Authentication Bypass) & CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways

DESCRIPTION: Vulnerabilities have been discovered in Ivanti Connect Secure ICS, formerly known as Pulse Connect Secure and Ivanti Policy Secure gateways. These vulnerabilities impact all supported versions – Version 9.x and 22.x refer to Granular Software Release EOL Timelines and Support Matrix...

9.1CVSS10AI score0.99999EPSS
Exploits23
Ivanti
Ivanti
added 2023/08/21 2:0 p.m.14 views

KB API Authentication Bypass on Sentry Administrator Interface - CVE-2023-38035

A vulnerability has been discovered in Ivanti Sentry, formerly MobileIron Sentry. This vulnerability impacts all supported versions – 9.18, 9.17, and 9.16. Older versions/releases are also at risk. This vulnerability does not affect other Ivanti products or solutions, such as Ivanti EPMM,...

9.8CVSS8AI score0.99949EPSS
Exploits6
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.14 views

SA40166 - Remote desktop protocol (RDP) client restriction bypass issue

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A security issue was discovered in the PCS Terminal Services Remote Desktop Protocol RDP client session restrictions feature. By exploiting this issue a malicious authenticated user...

7.1AI score
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.14 views

SA44588 - 2020-09: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.1R8.2

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This advisory provides information about multiple vulnerabilities resolved in Pulse Connect Secure 9.1R8.2, Pulse Policy Secure 9.1R8.2 Refer to KB43892 - What releases will Pulse Secur...

7.2CVSS8AI score0.90759EPSS
Exploits2
Ivanti
Ivanti
added 2026/01/29 6:38 p.m.13 views

Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-1281 & CVE-2026-1340)

Update 29 Jan: Step by Step RPM Install KB included Update 4 Feb: Fixed in Security Update: 0S-4 and 0L-4 included Update: 6 Feb: RPM detection script available to help customers assess potential impact. Technical Analysis updated with reliable Indicators of Compromise IoC’s. Both in partnership...

9.8CVSS7.6AI score0.8404EPSS
Exploits6
Ivanti
Ivanti
added 2024/12/10 9:46 a.m.13 views

December 2024 Security Advisory Ivanti Automation (CVE-2024-9845)

Summary Ivanti has released updates for Automation which addresses one high severity vulnerability. Successful exploitation could lead to local privilege escalation. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details: CVE Numbe...

7.8CVSS6.5AI score0.0021EPSS
Exploits0
Ivanti
Ivanti
added 2024/10/07 2:49 p.m.13 views

Ivanti Avalanche 6.4.5 Security Advisory (Multiple CVE's)

Summary Ivanti has released updates for Ivanti Avalanche which addresses high severity vulnerabilities. Successful exploitation could lead to information disclosure, authentication bypass or denial of service. We are not aware of any customers being exploited by these vulnerabilities at the time ...

9.8CVSS10AI score0.56345EPSS
Exploits0
Ivanti
Ivanti
added 2024/03/20 2:26 a.m.13 views

SA: CVE-2023-46808 (Authenticated Remote File Write) for Ivanti Neurons for ITSM

Last Modified Date Apr 4, 2024 4:10:39 PM...

9.9CVSS7.3AI score0.02001EPSS
Exploits0
Ivanti
Ivanti
added 2024/02/08 6:54 p.m.13 views

CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure

Executive Summary: As part of the ongoing investigation, we discovered a new vulnerability as part of our internal review and testing of our code, which was also responsibly disclosed by watchTowr. This vulnerability only affects a limited number of supported versions – Ivanti Connect Secure...

8.3CVSS9.7AI score0.94721EPSS
Exploits1
Ivanti
Ivanti
added 2023/07/28 3:59 p.m.13 views

CVE-2023-35081 - Remote Arbitrary File Write

A vulnerability has been discovered in Ivanti Endpoint Manager Mobile EPMM, formerly known as MobileIron Core. This vulnerability impacts all supported versions –releases 11.10, 11.9 and 11.8. Older versions/releases are also at risk. This vulnerability is different from CVE-2023-35078, released ...

7.2CVSS7.3AI score0.63316EPSS
Exploits0
Ivanti
Ivanti
added 2023/05/05 5:52 p.m.13 views

ZDI-CAN-17729 - CVE-2023-28125 - Bug 958437: ZDI-CAN-17729: Ivanti Avalanche InfoRail Authentication Bypass Vulnerability

Last Modified Date 2024-3-8 16:51:05...

5.9CVSS6.8AI score0.02252EPSS
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.13 views

JSA10482 - 2011-07 Out of Cycle Security Bulletin: Multiple Products; TLS/SSL Renegotiation Vulnerability (CVE-2009-3555)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. CVE-2009-3555 summary: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, does not properly associate renegotiation handshakes with an existing connection, which allows...

9.8CVSS6.4AI score0.87264EPSS
Exploits15
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.13 views

JSA10645 - 2014-09 Security Bulletin: Pulse Connect Secure (PSC) and Pulse Policy Secure (PPS): Cross site scripting issue (CVE-2014-3820)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A cross site scripting issue has been found in the Pulse Connect Secure and Pulse Policy Secure PCS/PPS products. The problem is a result of incorrect user input validation on the PCS/P...

4.3CVSS5.9AI score0.00786EPSS
Exploits0
Ivanti
Ivanti
added 2026/04/20 4:12 a.m.12 views

Using Vulnerable Libssh Version < 0.12 in Sentry

Last Modified Date Apr 20, 2026 4:13:44 AM...

5.9AI score
Exploits0
Ivanti
Ivanti
added 2025/10/13 8:53 p.m.12 views

Security Advisory Ivanti Endpoint Manager (EPM) October 2025

Security Advisory Ivanti Endpoint Manager EPM October 2025 Multiple CVEs Summary Update Nov. 11, 2025: A fix has been released for CVE-2025-11622 and CVE-2025-9713. To resolve these vulnerabilities customers should update to EPM 2024 SU4. Update Feb. 10, 2026: A fix to resolve the remaining CVE's...

8.8CVSS8AI score0.14805EPSS
Exploits0
Ivanti
Ivanti
added 2025/05/13 2:4 p.m.12 views

Security Advisory Ivanti Neurons for ITSM (On-Premises Only) (CVE-2025-22462)

Security Advisory Ivanti Neurons for ITSM on-premises only CVE-2025-22462 Summary Ivanti has released updates for Ivanti Neurons for ITSM on-prem only which addresses one critical severity vulnerability. Depending on system configuration, successful exploitation could allow an unauthenticated...

9.8CVSS10AI score0.01871EPSS
Exploits0
Ivanti
Ivanti
added 2024/11/12 3:0 p.m.12 views

Security Advisory EPM November 2024 for EPM 2024 and EPM 2022 SU6

Update Regarding Ivanti EPM Endpoint Manager Downloads As part of our ongoing efforts to enhance your experience and streamline our processes we have migrated the software downloads from the Ivanti Community to the Ivanti License System ILS. You will continue to use your current Ivanti Single...

8.8CVSS8.7AI score0.67711EPSS
Exploits0
Ivanti
Ivanti
added 2024/08/12 6:40 p.m.12 views

Security Advisory: Ivanti Virtual Traffic Manager (vTM ) (CVE-2024-7593)

Last Modified Date Jun 18, 2025 12:05:38 PM...

9.8CVSS7.1AI score0.99987EPSS
Exploits4
Ivanti
Ivanti
added 2024/07/16 4:16 p.m.12 views

Security Advisory EPM July 2024 for EPM 2024

Last Modified Date Apr 16, 2025 2:50:24 PM...

8.4CVSS7.2AI score0.03137EPSS
Exploits0
Ivanti
Ivanti
added 2024/01/04 7:20 p.m.12 views

SA-2023-12-19-CVE-2023-39336

SECURITY ADVISORY 2023-12-19 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for EPM 2022 SU4 and all prior versions. More information can be found here: CVE-2023-39336 Full details Please log into the community to access the full details page. Vulnerability...

9.6CVSS8.2AI score0.0997EPSS
Exploits0
Ivanti
Ivanti
added 2023/06/07 7:55 p.m.12 views

SA-2023-06-06-CVE-2023-28324

SECURITY ADVISORY 06-06-2023 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for Ivanti Endpoint Manager for all versions of 2022 SU2 and below. Please patch to the latest version of EPM 2022. If you are using 2021.1, please patch to SU4 and apply the hotfix as...

9.8CVSS7.9AI score0.12904EPSS
Exploits5
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.12 views

JSA10554 - 2013-03: Security Bulletin: Pulse Connect Secure (PCS): Multiple cross site scripting issues

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Multiple cross site scripting issues have been found in the Pulse Connect Secure PCS product. The issue is the result of incorrect validation of user input sent to the web server. This...

4.3CVSS5.9AI score0.00931EPSS
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.12 views

SA40013 - TLS/SSL Renegotiation Vulnerability Pulse Connect Secure (PCS) (CVE-2009-3555) (Pulse Secure PSN-2009-11-573

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. The industry-wide TLS/SSL renegotiation issue CVE-2009-3555 has been found in the Pulse Connect Secure PCS device. This issue has been reported as a man in the middle MITM attack by ma...

5.8CVSS6.4AI score0.87264EPSS
Exploits15
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.12 views

SA40054 - 2015-09: Security Advisory: Secure Meeting (Pulse Collaboration) issue may allow authenticated users to bypass meeting authorization (CVE-2015-7323)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. An authorization bypass issue has been discovered in Secure Meeting Pulse Collaboration. This issue could allow an authenticated user to log into meetings that they do not have...

3.5CVSS6.3AI score0.01656EPSS
Exploits3
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.12 views

SA40107 - Response to Juniper ScreenOS security advisory JSA10713 (CVE-2015-7755 and CVE-2015-7756)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Juniper announced a security advisory for their Netscreen Firewall ScreenOS product portfolio. The Juniper ScreenOS advisory can be found here: JSA10713 Related Links JSA10713...

10CVSS6.8AI score0.614EPSS
Exploits7
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.12 views

SA40208 - [Pulse Secure] Single specific file content disclosure issue (CVE-2016-4788)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. An issue was discovered with the Pulse Connect Secure device that could allow an attacker to print out contents from a specific file. The file contents do not contain any configuration...

5.8CVSS6.5AI score0.01512EPSS
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.12 views

SA40210 - [Pulse Secure] Information disclosure possible on admin UI (CVE-2016-4791)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. An information disclosure issue was discovered on the Pulse Connect Secure device. This issue exists on the administrative user interface and requires admin level access. Because of th...

8.6CVSS6.6AI score0.02242EPSS
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.12 views

SA43681 - 2016-11: CSRF vulnerability with Brocade Virtual Traffic Manager (vTM) (CVE-2016-8201)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A CSRF vulnerability in Pulse Secure Virtual Traffic Manager versions released prior to and including 11.0, could allow an attacker to trick a logged-in user into making administrative...

8CVSS6.7AI score0.00466EPSS
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.12 views

JSA10399 - Security Vulnerability in Pulse Policy Secure (PPS) software's radius authentication mechanism

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This Security Advisory is an addendum to JSA10380.. The purpose is to notify customers of the removal of the affected releases from the Pulse Secure software download site. JSA10380 -...

7.2AI score
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.12 views

SA43877 - 2018-08 Security Bulletin: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure / Pulse Secure Desktop 9.0R1/9.0R2

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This advisory provides information about multiple vulnerabilities resolved in Pulse Connect Secure and Pulse Policy Secure 9.0R1 & Pulse Desktop Client 9.0R2 releases. These issues app...

9.8CVSS6.9AI score0.04079EPSS
Exploits2
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.12 views

2020-06: Out-of-Cycle Advisory: Pulse Secure Client TOCTOU Privilege Escalation Vulnerability (CVE-2020-13162)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A security vulnerability was discovered within a Pulse Secure client-side component Windows OS only. This is a client-side exploit only and does not affect the PCS or PPS gateway serve...

7CVSS6.5AI score0.00793EPSS
Exploits3
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.12 views

SA44426 - 2020-04: Out-of-Cycle Advisory: Multiple Host Checker Vulnerabilities

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This advisory provides information about the Host Checker policy enforcement vulnerabilities highlighted in CVE-2020-11580, CVE-2020-11581, and CVE-2020-11582. These vulnerabilities...

9.3CVSS8.6AI score0.09839EPSS
Exploits3
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.12 views

SA44790 - HTTP Request Smuggling vulnerability with Virtual Traffic Manager (vTM)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager could allow an attacker to 'smuggle' an HTTP request through an HTTP/2 header. In particular, customers...

7.5CVSS6.8AI score0.00973EPSS
Exploits1
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.12 views

SA44800 - 2021-05: Out-of-Cycle Advisory: Pulse Connect Secure Buffer Overflow Vulnerability

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A vulnerability was discovered under Pulse Connect Secure PCS. This includes buffer overflow vulnerability on the Pulse Connect Secure gateway that allows a remote authenticated user...

9CVSS7.9AI score0.69377EPSS
Exploits0
Ivanti
Ivanti
added 2025/09/09 1:59 p.m.11 views

September Security Advisory Ivanti Connect Secure, Policy Secure, ZTA Gateways and Neurons for Secure Access (Multiple CVEs)

Update 10 Sept Ivanti Policy Secure: Affected and Resolved in Versions updated Summary Ivanti has released updates for Ivanti Connect Secure, Policy Secure, ZTA Gateways and Neurons for Secure Access which addresses six medium and five high vulnerabilities. We are not aware of any customers being...

8.9CVSS7.6AI score0.00855EPSS
Exploits0
Ivanti
Ivanti
added 2024/10/08 2:1 p.m.11 views

Security Advisory Ivanti Connect Secure and Policy Secure (CVE-2024-37404)

Summary Ivanti has released updates for Ivanti Connect Secure and Policy Secure which addresses a critical vulnerability. Successful exploitation could allow a remote authenticated attacker to achieve remote code execution. We are not aware of any customers being exploited by this vulnerability a...

9.1CVSS8AI score0.67291EPSS
Exploits1
Ivanti
Ivanti
added 2024/09/19 3:32 p.m.11 views

Security Advisory Ivanti CSA 4.6 (Cloud Services Appliance) (CVE-2024-8963)

Summary Ivanti is disclosing a critical vulnerability in Ivanti CSA 4.6 which was incidentally addressed in the patch released on 10 September CSA 4.6 Patch 519. Successful exploitation could allow a remote unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in...

9.4CVSS8.4AI score0.98557EPSS
Exploits2
Ivanti
Ivanti
added 2024/07/12 8:17 a.m.11 views

SA-2024-07-12-CVE-2024-29213

SECURITY ADVISORY 07-12-2024 Product Affected: Ivanti Desktop and Server Management A vulnerability was recently discovered in DSM. This vulnerability is remediated in DSM 2024.2. Vulnerability Information CVE | CVSS | Summary | Product Affected ---|---|---|--- CVE-2024-29213 CVE Reserved | 7.8...

7.8CVSS6.7AI score0.00226EPSS
Exploits0
Ivanti
Ivanti
added 2024/05/15 8:38 p.m.11 views

Security Advisory EPMM May 2024

Last Modified Date Jul 19, 2024 3:00:43 PM...

5.9AI score
Exploits0
Ivanti
Ivanti
added 2023/12/04 8:39 p.m.11 views

Security Patch Release - Ivanti Policy Secure 22.6R1

Resolutions for Ivanti Policy Secure Security Issues: As part of Ivanti's commitment to continuous security hardening, Ivanti has released a security update for Ivanti Policy Secure. This update resolves a moderate vulnerability. To our knowledge, none of the CVEs identified in this review have...

4.9CVSS5.5AI score0.00945EPSS
Exploits0
Ivanti
Ivanti
added 2023/11/09 4:55 p.m.11 views

CVE-2023-39335 - Certificate creation authentication bypass in UPDATEPROFILE handler

Last Modified Date Dec 11, 2025 1:35:01 PM...

9.8CVSS7.2AI score0.02278EPSS
Exploits0
Ivanti
Ivanti
added 2023/11/09 4:55 p.m.11 views

CVE-2023-39337 - MobileConfig profile download authentication bypass

Last Modified Date Dec 11, 2023 2:11:27 PM...

9.1CVSS7.2AI score0.01897EPSS
Exploits0
Ivanti
Ivanti
added 2023/10/04 4:22 p.m.11 views

SA-2023-08-08-CVE-2023-35084

SECURITY ADVISORY 08-08-2023 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for EPM 2022 SU3 and all previous versions. We have a Hotfix available to remediate this vulnerability that can be found by going to CVE-2023-35084 Full details. Please log into the...

9.8CVSS6.4AI score0.02848EPSS
Exploits0
Ivanti
Ivanti
added 2023/10/04 4:13 p.m.11 views

SA-2023-08-08-CVE-2023-35083

SECURITY ADVISORY 08-08-2023 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for EPM 2022 SU3 and all previous versions. We have a Hotfix available to remediate this vulnerability that can be found by going to CVE-2023-35083 Full details. Please log into the...

6.5CVSS9.5AI score0.01091EPSS
Exploits0
Ivanti
Ivanti
added 2023/08/21 2:0 p.m.11 views

CVE-2023-38035 – API Authentication Bypass on Sentry Administrator Interface

A vulnerability has been discovered in Ivanti Sentry, formerly known as MobileIron Sentry. This vulnerability impacts versions 9.18 and prior. The vulnerability does not impact other Ivanti products, such as Ivanti EPMM or Ivanti Neurons for MDM. If exploited, this vulnerability enables an...

9.8CVSS9.8AI score0.99949EPSS
Exploits6
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.11 views

JSA10571 - 2013-06 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Internal and test Certificate Authority Root Servers unintentionally added to Trusted CA list

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. The Pulse Connect Secure PCS and Pulse Policy Secure PPS software use Trusted Server CA Root Certificate list in order to verify the validity of certificates. Internal and development...

4.3CVSS7AI score0.00488EPSS
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.11 views

JSA10590 - 2013-09 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Crafted packet can cause denial of service

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A denial of service DoS issue has been found on the Pulse Connect Secure PCS and Pulse Policy Secure PPS devices. This issue can cause the system to hang ultimately requiring a restart ...

5.4CVSS7AI score0.01831EPSS
Exploits0
Total number of security vulnerabilities286