Lucene search
+L
IvantiMost viewed

286 matches found

Ivanti
Ivanti
added 2023/02/14 7:22 a.m.11 views

JSA10414 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) - Security Bundle - Admin Issue

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Admin vulnerability found and fixed through a combination of internal and external proactive security testing: - When an admin uses certain sub-menus within the console, a timeout is...

7.2AI score
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.11 views

JSA10443 - 2010-06 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Connecting to untrusted PCS or PPS

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. PCS and PPS use ActiveX controls or Java applets to install and launch client software from a web browser. Due to the inherent problems with using ActiveX and Java applet, users can...

7.2AI score
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.11 views

JSA10412 - VU#261869 - Clientless PCS products break web browser's domain-based security models

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Clientless PCS products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or...

7.4AI score
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.11 views

SA40007 - 2014-09 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Secure Desktop client: User privilege escalation issue in Installer Service (CVE-2014-3811)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A privilege escalation issue has been found and corrected in the Pulse Secure Installer Service client Windows platform only software. This issue could allow a non-administrator user t...

7.2CVSS6.8AI score0.00387EPSS
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.11 views

JSA10647 - 2014-09 Security Bulletin: Junos Pulse Secure Access Service (SSL VPN): Clickjacking issue (CVE-2014-3823)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A clickjacking issue has been found in the Pulse Connect Secure product. 'X-Frame-Options' has been added to defend against this type of attack. The attack could take place against...

4.3CVSS6.4AI score0.00958EPSS
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.11 views

SA40971 - Pulse One On-Premise Remote Information Disclosure Vulnerability

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Pulse One On-Premise software version 2.0.1649 does not properly validate requests which allows remote users to query and obtain sensitive information. This issue is exploitable only f...

7.5CVSS6.5AI score0.0135EPSS
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.11 views

SA44114 - 2019-04: Out-of-Cycle Advisory: Pulse Desktop Client and Network Connect improper handling of session cookies (CVE-2019-11213)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Under certain conditions, the Pulse Desktop Client and Network Connect could allow an attacker to access session tokens to replay and spoof sessions, and as a result, gain unauthorized...

8.1CVSS6.8AI score0.02822EPSS
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.11 views

SA44525 - 2020-07: Out-of-Cycle Advisory: Multiple Vulnerabilities in Apache Guacamole Software

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This advisory provides information about the Apache Guacamole HTML5 Access vulnerabilities highlighted in CVE-2020-9498 and CVE-2020-9497. If a end user connects to a malicious or...

6.7CVSS7AI score0.00795EPSS
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.11 views

SA44328 - 2019-12: Out-of-Cycle Advisory: Vulnerability could allow attackers to sniff or hijack VPN Connections (CVE-2019-14899)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This advisory provides information about recently discovered vulnerability CVE-2019-14899. The flaw could be exploited by an attacker who shares the same network segment with the target...

7.4CVSS6AI score0.00838EPSS
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.11 views

SA44845 - OpenSSL Security Advisory CVE-2021-3450

On March 25 2021, the OpenSSL project announced a new security advisory. These issues may affect Pulse Secure product. Refer to KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities per our End of Engineering EOE and End of Life EOL policies. The OpenSSL adviso...

7.4CVSS7.2AI score0.62906EPSS
Exploits4
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.11 views

SA45520 - CVE's (CVE-2022-35254,CVE-2022-35258) may lead to DoS attack

Summary: An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure ICS in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R3, Ivanti Policy Secure IPS in versions prior to 9.1R17 and 22.2R3, and Ivanti Neurons for Zero-Trust Gateway in...

7.5CVSS6.9AI score0.02515EPSS
Exploits0
Ivanti
Ivanti
added 2026/06/05 4:45 p.m.10 views

Epmm + Sentry Not Affected by Cve-2026-4408 or Cve-2026-4480

Last Modified Date Jun 5, 2026 4:45:08 PM...

9.8CVSS7.2AI score0.12797EPSS
Exploits9
Ivanti
Ivanti
added 2025/12/18 7:48 p.m.10 views

Urgent Reminder to Update Edge Appliances During Peak Holiday Time-off

Customer Alert: Proactive Defense Against Threat Actor Campaigns Targeting Unpatched Network Security Solutions As the holiday season approaches, we are urging all Ivanti customers to ensure that all their network security solutions are updated to their latest versions, regardless of vendor. We...

7.5AI score
Exploits0
Ivanti
Ivanti
added 2025/09/09 1:39 p.m.10 views

Security Advisory September 2025 for Ivanti EPM 2024 SU3 and EPM 2022 SU8

Security Advisory Ivanti Endpoint Manager CVE-2025-9712, CVE-2025-9872 Summary Ivanti has released updates for Ivanti Endpoint Manager EPM which addresses high severity vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure...

8.8CVSS7.8AI score0.20461EPSS
Exploits0
Ivanti
Ivanti
added 2025/07/30 6:29 p.m.10 views

Security Advisory Ivanti Avalanche (CVE-2025-8296, CVE-2025-8297) 

Summary Ivanti has released updates for Ivanti Avalanche which addresses two high severity vulnerabilities. Successful exploitation could lead to authenticated remote code execution. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerabilit...

7.2CVSS9.2AI score0.0122EPSS
Exploits0
Ivanti
Ivanti
added 2025/01/14 2:56 p.m.10 views

Security Advisory - Ivanti Application Control Engine (CVE-2024-10630)

Summary Ivanti has released updates for Ivanti Application Control Engine which address a high severity vulnerability. Successful exploitation could lead to bypassing configured protections. We are not aware of any customers being exploited by this vulnerability at the time of disclosure...

7.8CVSS6.5AI score0.00222EPSS
Exploits0
Ivanti
Ivanti
added 2024/12/10 6:33 p.m.10 views

Security Advisory Ivanti Desktop and Server Management (DSM) (CVE-2024-7572)

Summary Ivanti has released updates for Ivanti Desktop and Server Management which addresses one high severity vulnerability. Successful exploitation could lead to local arbitrary file deletion. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure...

7.1CVSS7AI score0.00204EPSS
Exploits0
Ivanti
Ivanti
added 2024/12/10 5:55 p.m.10 views

December 2024 Security Advisory Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) (Multiple CVEs)

Ivanti has released updates for Ivanti Connect Secure and Ivanti Policy Secure which addresses high and critical severity vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability Details: Important: Unless the CVE...

9.1CVSS8.9AI score0.01847EPSS
Exploits0
Ivanti
Ivanti
added 2024/12/10 9:43 a.m.10 views

December 2024 Security Advisory Ivanti Workspace Control (IWC) (CVE-2024-8496)

Summary Ivanti has released updates for Workspace Control which addresses one high severity vulnerability. Successful exploitation could lead to local privilege escalation. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details: CV...

7.8CVSS6.4AI score0.0021EPSS
Exploits0
Ivanti
Ivanti
added 2024/07/16 9:6 a.m.10 views

SA-2024-07-12-CVE-2024-38648

SECURITY ADVISORY 07-12-2024 Product Affected: Ivanti Desktop and Server Management A vulnerability was recently discovered in DSM. This vulnerability is remediated in DSM 2024.2. Vulnerability Information CVE | CVSS | Summary | Product Affected ---|---|---|--- CVE-2024-38648 CVE Reserved | 9.0...

9CVSS6.4AI score0.00554EPSS
Exploits0
Ivanti
Ivanti
added 2024/07/12 8:18 a.m.10 views

SA-2024-07-12-CVE-2024-29821

SECURITY ADVISORY 07-12-2024 Product Affected: Ivanti Desktop and Server Management A vulnerability was recently discovered in DSM. This vulnerability is remediated in DSM 2024.2. Vulnerability Information CVE | CVSS | Summary | Product Affected ---|---|---|--- CVE-2024-29821 CVE Reserved | 7.8...

7.8CVSS6.7AI score0.00226EPSS
Exploits0
Ivanti
Ivanti
added 2024/03/18 4:54 p.m.10 views

CVE-2023-41724 (Remote Code Execution) for Ivanti Standalone Sentry

A new vulnerability has been discovered in the Ivanti Standalone Sentry and patches remediating this vulnerability are available now. This vulnerability impacts all supported versions 9.17.0, 9.18.0, and 9.19.0. Older versions are also at risk. There is a patch available now via the standard...

9.6CVSS7.4AI score0.12844EPSS
Exploits0
Ivanti
Ivanti
added 2024/03/01 9:41 a.m.10 views

[CVE-2024-1597] PostgreSQL - Mobileiron line products (Ivanti EPMM Reporting DB, Ivanti N-MDM/Cloud)

Last Modified Date Mar 8, 2024 9:01:56 PM...

10CVSS7AI score0.0481EPSS
Exploits0
Ivanti
Ivanti
added 2024/01/22 10:7 p.m.10 views

CVE-2024-21888 Privilege Escalation for Ivanti Connect Secure and Ivanti Policy Secure 

DESCRIPTION: As part of our ongoing investigation into the vulnerabilities reported on 10 January in Ivanti Connect Secure, Ivanti Policy Secure and ZTA gateways, we have discovered new vulnerabilities. These vulnerabilities impact all supported versions – Version 9.x and 22.x refer to Granular...

8.8CVSS10AI score0.99999EPSS
Exploits7
Ivanti
Ivanti
added 2023/07/24 9:59 p.m.10 views

CVE-2023-35078 - Remote Unauthenticated API Access Vulnerability

A vulnerability has been discovered in Ivanti Endpoint Manager Mobile EPMM, formerly known as MobileIron Core. This vulnerability impacts all supported versions – Version 11.4 releases 11.10, 11.9 and 11.8. Older versions/releases are also at risk. If exploited, this vulnerability enables an...

10CVSS7.3AI score0.99999EPSS
Exploits14
Ivanti
Ivanti
added 2023/06/22 6:28 p.m.10 views

CVE (2023-34298) Ivanti Secure Access Client Local Privilege Escalation

Summary A logged in Windows user can leverage functionality of the Pulse Secure / Ivanti Secure Access Client or Pulse Secure Installer Service to carry out a privilege escalation on the user machine. Mitigation None Currently Related Links https://forums.ivanti.com/s/article/New-Client-Side...

7.8CVSS7.5AI score0.0097EPSS
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.10 views

JSA10402 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) - Multiple Web-based CGI and Cross Site Scripting (XSS) vulnerabilities.

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. CGI and Cross Site Scripting vulnerabilities found and fixed through a combination of internal and external proactive security testing: - Internal path was displayed in some error...

6.5AI score
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.10 views

JSA10628 - 2014-06 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Weak SSL cipher allowed unexpectedly when higher level cipher group is configured (CVE-2014-3812)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A weak cipher issue has been discovered on the Pulse Connect Secure PCS and Pulse Policy Secure PPS devices. When configuring the device to use a higher level cipher setting, a lower...

5CVSS6.7AI score0.00745EPSS
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.10 views

JSA10602 - 2013-12 Security Bulletin: Pulse Connect Secure (PCS): Cross site scripting issue (CVE-2013-6956)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A cross site scripting issue has been found in Pulse Connect Secure PCS. The problem is a result of incorrect user input validation on the PCS web server. The issue exists within a fil...

2.1CVSS6AI score0.00931EPSS
Exploits1
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.10 views

JSA10616 - 2014-03 Security Bulletin: Pulse Connect Secure (PCS): Linux Network Connect client local user privilege escalation issue (CVE-2014-2292)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A privilege escalation issue has been found and corrected in the Linux Network Connect client. This issue could allow a non-root user to escalate their access to root privileges on a...

7.2CVSS7.2AI score0.00387EPSS
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.10 views

JSA10488 - 2011-09 Security Bulletin: Pulse Connect Secure (PCS) & Pulse Policy Secure (PPS): Admin Interface Issue

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Custom Sign-In page upload requires additional validation. The following software releases have a fix for this issue: PCS: 6.5R9; 7.0R5, 7.1R2 or higher. PPS: 4.1R2 or higher. We...

7.2AI score
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.10 views

JSA10326 - PCS 2.2 Cross-Scripting Alert, Released 10/23/02

There are two specific issues that have been identified that could be exploited to generate a cross-site scripting attack. Please note that in all cases, the possibility that these issues can be exploited to compromise the system or the network is very unlikely but is possible. All customers...

6.6AI score
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.10 views

JSA10617 - 2014-03 Security Bulletin: Pulse Connect Secure: Cross site scripting issue (CVE-2014-2291)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A cross site scripting issue has been found in the Pulse Connect Secure product. The problem is a result of incorrect user input validation on the web server. The issue exists within a...

3.5CVSS5.7AI score0.00936EPSS
Exploits1
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.10 views

SA40004 - [Pulse Secure] TLS connection verification issue (CVE-2015-5369)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On Pulse Connect Secure PCS that offer Hardware Acceleration PSC6000, PCS6500, MAG PSC360 and enabled, then TLS connections may be vulnerable to a protocol handshake vulnerability. This...

4.3CVSS6.9AI score0.01751EPSS
Exploits1
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.10 views

SA40206 - [Pulse Secure] Denial of service issue possible (CVE-2016-4786)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. An issue was discovered in the Pulse Connect Secure device that would allow an attacker to impact CPU performance. This issue exists on non-authenticated resources. This issue was...

7.8CVSS6.7AI score0.02096EPSS
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.10 views

SA40145 - [Pulse Secure] January 28th 2016 OpenSSL Security Advisory

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On January 28th 2016 the OpenSSL project announced two new security advisories. The OpenSSL advisory can be found at the following link: https://www.openssl.org/news/secadv/20160128.tx...

5.9CVSS7AI score0.83645EPSS
Exploits2
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.10 views

SA40211 - [Pulse Secure] Cross site scripting issue (CVE-2016-4790)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A cross site scripting issue has been discovered in the Pulse Connect Secure device. This issue exists in a file that is located in the authenticated area of the administrative user...

5.5CVSS5.9AI score0.01001EPSS
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.10 views

SA40212 - [Pulse Secure] Sign in page disclosure issue (CVE-2016-4792)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. An issue was found on the Pulse Connect Secure device that could allow disclosure of sign in pages. The security of the pages is not affected by this issue. This issue was assigned:...

5.3CVSS6.5AI score0.02102EPSS
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.10 views

SA43604 - 2018-01 Out-of-Cycle Advisory: Stack buffer overflow Vulnerability (CVE-2018-5299)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A buffer overflow vulnerability has been found in the web server that could allow a remote attacker to cause memory corruption and possibly execute arbitrary code via a crafted web...

9.8CVSS8.2AI score0.03061EPSS
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.10 views

SA44846 - OpenSSL Security Advisory CVE-2021-23841

On February 16 2021, the OpenSSL project announced a new security advisory. These issues may affect Pulse Secure product. Refer to KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities per our End of Engineering EOE and End of Life EOL policies. The OpenSSL...

7.5CVSS7.3AI score0.50732EPSS
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.10 views

SA44712 - 2021-02: Out-of-Cycle Advisory: Pulse Secure response to BIOS Trickboot Vulnerability

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A vulnerability in the BIOS of Pulse Secure PSA-Series Hardware could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain...

2.3CVSS6.8AI score0.00249EPSS
Exploits0
Ivanti
Ivanti
added 2022/11/17 3:28 p.m.10 views

Security Advisory for Ivanti Endpoint Manager Client-CVE-2022-27773

SECURITY ADVISORY 2022-11-16 Product Affected: Ivanti EPM Endpoint Manager PROBLEM: A vulnerability was recently discovered for Ivanti Endpoint Manager Client. Vulnerability InformationCVE| CVSS| Summary ---|---|--- CVE-2022-27773CVE | High - CVSS=7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | An issu...

9.8CVSS7.2AI score0.02585EPSS
Exploits0
Ivanti
Ivanti
added 2026/04/14 1:59 p.m.9 views

Security Advisory Ivanti Neurons for ITSM (CVE-2026-4913, CVE-2026-4914)

Ivanti has released updates for Ivanti Neurons for ITSM which addresses two medium severity vulnerabilities We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability Details: CVE Number | Description | CVSS Score Severity | CVSS Vector | C...

5.7CVSS5.8AI score0.00586EPSS
Exploits0
Ivanti
Ivanti
added 2025/11/10 4:30 p.m.9 views

Security Advisory EPM November 2025 for EPM 2024

Summary Ivanti has released updates for Ivanti Endpoint Manager which addresses three high vulnerabilities. Successful exploitation could allow a local authenticated attacker to write arbitrary files anywhere on disk. Two of the resolved vulnerabilities, CVE-2025-9713 and CVE-2025-11622, were...

7.8CVSS7AI score0.00754EPSS
Exploits0
Ivanti
Ivanti
added 2025/10/14 1:58 p.m.9 views

Security Advisory Endpoint Manager Mobile (EPMM) 10/2025 (Multiple CVEs)

Security Advisory Endpoint Manager Mobile EPMM Multiple CVEs Summary Ivanti has released updates for EPMM which addresses one medium and three high severity vulnerabilities. Successful exploitation requires authentication and could lead to remote code execution. We are not aware of any customers...

7.2CVSS8.3AI score0.2084EPSS
Exploits0
Ivanti
Ivanti
added 2025/10/14 1:57 p.m.9 views

October 2025 Security Advisory Ivanti Neurons for MDM

Summary Ivanti has released updates for Ivanti Neurons for MDM which addresses one medium and two high severity vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability Details Description | CVSS Score Severity | CVSS...

7AI score
Exploits0
Ivanti
Ivanti
added 2024/12/10 5:51 p.m.9 views

Security Advisory Ivanti Patch SDK (CVE-2024-10256)

Summary Ivanti has released updates for Ivanti Patch SDK which addresses a high severity vulnerability. Successful exploitation could lead to local arbitrary file deletion. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. NOTE: This article has be...

7.1CVSS6.8AI score0.00209EPSS
Exploits0
Ivanti
Ivanti
added 2024/12/10 10:49 a.m.9 views

December 2024 Security Advisory Ivanti Application Control (CVE-2024-11598)

Summary Ivanti has released updates for Ivanti Application Control which address one high severity vulnerability. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details: CVE Number| Description| CVSS Score Severity| CVSS Vector| CW...

7.8CVSS6.6AI score0.0021EPSS
Exploits0
Ivanti
Ivanti
added 2024/07/17 2:8 p.m.9 views

Security Advisory Ivanti Endpoint Manager for Mobile (EPMM) July 2024

Last Modified Date Oct 16, 2025 7:31:18 PM...

5.9AI score
Exploits0
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.9 views

JSA10469 - Pre-authentication CGI script prints arbitrary contents of XML and ZIP files

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Certain CGI scripts found on the appliance are accessible during pre-authentication. There is an issue that may allow access to arbitrary XML files or the contents of ZIP files on the...

7.1AI score
Exploits0
Total number of security vulnerabilities286