
282 matches found

Ivanti
added 2023/11/09 4:55 p.m. | 10 views

CVE-2023-39337 - MobileConfig profile download authentication bypass

Last Modified Date Dec 11, 2023 2:11:27 PM...

CVSS 9.1 | AI score 7.3 | EPSS 0.01897 | Exploits 0

Ivanti
added 2023/11/09 4:55 p.m. | 7 views

CVE-2023-39338 - Authenticated user access protected Sentry service vulnerability

Last Modified Date Jul 9, 2025 1:23:20 PM...

CVSS 6.8 | AI score 6.7 | EPSS 0.0083 | Exploits 0

Ivanti
added 2023/10/19 9:32 p.m. | 18 views

CVE-2023-38041 New client side release to address a privilege escalation on Windows user machines

Summary: A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1 that would allow an unprivileged local user to gain unauthorized elevated privileges on the affected system. Mitigation: Currently none. Resolution: To resolve the below mentioned vulnerability upgrade you...

CVSS 7.8 | AI score 6.8 | EPSS 0.00672 | Exploits 0

Ivanti
added 2023/10/04 4:22 p.m. | 11 views

SA-2023-08-08-CVE-2023-35084

SECURITY ADVISORY 08-08-2023 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for EPM 2022 SU3 and all previous versions. We have a Hotfix available to remediate this vulnerability that can be found by going to CVE-2023-35084 Full details. Please log into the...

CVSS 9.8 | AI score 6.4 | EPSS 0.02848 | Exploits 0

Ivanti
added 2023/10/04 4:13 p.m. | 9 views

SA-2023-08-08-CVE-2023-35083

SECURITY ADVISORY 08-08-2023 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for EPM 2022 SU3 and all previous versions. We have a Hotfix available to remediate this vulnerability that can be found by going to CVE-2023-35083 Full details. Please log into the...

CVSS 6.5 | AI score 9.5 | EPSS 0.01091 | Exploits 0

Ivanti
added 2023/09/15 7:6 a.m. | 6 views

Samsung Email app security patch for CWE-297

Last Modified Date Sep 15, 2023 7:06:21 AM...

AI score 5.8 | Exploits 0

Ivanti
added 2023/08/31 4:52 p.m. | 24 views

Security Advisory - Avalanche CVE-2023-38036

Last Modified Date Mar 8, 2024 4:49:43 PM...

CVSS 9.8 | AI score 7.5 | EPSS 0.98919 | Exploits 7

Ivanti
added 2023/08/21 2:0 p.m. | 14 views

KB API Authentication Bypass on Sentry Administrator Interface - CVE-2023-38035

A vulnerability has been discovered in Ivanti Sentry, formerly MobileIron Sentry. This vulnerability impacts all supported versions – 9.18, 9.17, and 9.16. Older versions/releases are also at risk. This vulnerability does not affect other Ivanti products or solutions, such as Ivanti EPMM,...

CVSS 9.8 | AI score 8 | EPSS 0.99949 | Exploits 6

Ivanti
added 2023/08/21 2:0 p.m. | 11 views

CVE-2023-38035 – API Authentication Bypass on Sentry Administrator Interface

A vulnerability has been discovered in Ivanti Sentry, formerly known as MobileIron Sentry. This vulnerability impacts versions 9.18 and prior. The vulnerability does not impact other Ivanti products, such as Ivanti EPMM or Ivanti Neurons for MDM. If exploited, this vulnerability enables an...

CVSS 9.8 | AI score 9.8 | EPSS 0.99949 | Exploits 6

Ivanti
added 2023/08/14 2:57 p.m. | 7 views

Sentry : Database Open Access Vulnerability

Last Modified Date Aug 17, 2023 3:23:30 PM...

AI score 5.8 | Exploits 0

Ivanti
added 2023/08/03 9:0 p.m. | 14 views

Avalanche Vulnerabilities Addressed in 6.4.1

Security Advisory for Avalanche 6.4 and older. To resolve these vulnerabilities, please upgrade to Avalanche 6.4.1.207 Download Page: https://www.wavelink.com/Download-AvalancheMobile-Device-Management-Software/ Release Notes:...

CVSS 9.8 | AI score 8 | EPSS 0.98919 | Exploits 7

Ivanti
added 2023/08/02 3:56 p.m. | 27 views

CVE-2023-35082 – Remote Unauthenticated API Access Vulnerability

DESCRIPTION: Update: Since originally reporting CVE-2023-35082 on 2 August 2023 at 10:00 MDT, Ivanti has continued its investigation and has found that this vulnerability impacts all versions of Ivanti Endpoint Manager Mobile EPMM 11.10, 11.9 and 11.8 and MobileIron Core 11.7 and below. The risk ...

CVSS 10 | AI score 7.1 | EPSS 0.99999 | Exploits 2

Ivanti
added 2023/07/28 3:59 p.m. | 13 views

CVE-2023-35081 - Remote Arbitrary File Write

A vulnerability has been discovered in Ivanti Endpoint Manager Mobile EPMM, formerly known as MobileIron Core. This vulnerability impacts all supported versions –releases 11.10, 11.9 and 11.8. Older versions/releases are also at risk. This vulnerability is different from CVE-2023-35078, released ...

CVSS 7.2 | AI score 7.3 | EPSS 0.63316 | Exploits 0

Ivanti
added 2023/07/27 6:6 p.m. | 8 views

SA-2023-07-26-CVE-2023-28129

SECURITY ADVISORY 07-26-2023 Product Affected: Ivanti Desktop and Server Management A vulnerability was recently discovered in DSM 2022.1 Service Update 1. This vulnerability is remediated in DSM 2022.2 Service Update 3. Vulnerability Information CVE | CVSS | Summary | Product Affected...

CVSS 7.8 | AI score 7.7 | EPSS 0.00297 | Exploits 0

Ivanti
added 2023/07/24 9:59 p.m. | 10 views

CVE-2023-35078 - Remote Unauthenticated API Access Vulnerability

A vulnerability has been discovered in Ivanti Endpoint Manager Mobile EPMM, formerly known as MobileIron Core. This vulnerability impacts all supported versions – Version 11.4 releases 11.10, 11.9 and 11.8. Older versions/releases are also at risk. If exploited, this vulnerability enables an...

CVSS 10 | AI score 7.3 | EPSS 0.99999 | Exploits 14

Ivanti
added 2023/07/19 8:13 p.m. | 21 views

SA-2023-07-19-CVE-2023-35077

SECURITY ADVISORY 07-19-2023 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for Ivanti Antivirus Security Content version 7.94791 and all previous versions. Updating to Ivanti Antivirus Product version 7.9.1.285 will allow the Security Content version to update ...

CVSS 8.1 | AI score 7.1 | EPSS 0.01498 | Exploits 0

Ivanti
added 2023/06/22 6:28 p.m. | 9 views

CVE (2023-34298) Ivanti Secure Access Client Local Privilege Escalation

Summary: A logged-in Windows user can leverage functionality of the Pulse Secure / Ivanti Secure Access Client or Pulse Secure Installer Service to carry out a privilege escalation on the user machine. Mitigation: None currently. Related Links: https://forums.ivanti.com/s/article/New-Client-Side...

CVSS 7.8 | AI score 7.5 | EPSS 0.0097 | Exploits 0

Ivanti
added 2023/06/19 4:21 p.m. | 8 views

SA-2023-06-20-CVE-2023-28323

SECURITY ADVISORY 06-20-2023 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for EPM 2022 SU3 and all previous versions. We have a Hotfix available to remediate this vulnerability that can be found by going to CVE-2023-28323 Full details. Please log into the...

CVSS 9.8 | AI score 8 | EPSS 0.03121 | Exploits 0

Ivanti
added 2023/06/07 7:55 p.m. | 12 views

SA-2023-06-06-CVE-2023-28324

SECURITY ADVISORY 06-06-2023 Product Affected: Ivanti Endpoint Manager A vulnerability was recently discovered for Ivanti Endpoint Manager for all versions of 2022 SU2 and below. Please patch to the latest version of EPM 2022. If you are using 2021.1, please patch to SU4 and apply the hotfix as...

CVSS 9.8 | AI score 7.9 | EPSS 0.11766 | Exploits 5

Ivanti
added 2023/05/05 5:59 p.m. | 5 views

ZDI-CAN-17750: Ivanti Avalanche EnterpriseServer GetSettings Exposed Dangerous Method Authentication Bypass Vulnerability

This vulnerability allows bypassing the patches for the following vulnerabilities: ZDI-CAN-15251, ZDI-CAN-15137, ZDI-CAN-15528, ZDI-CAN-15919. Those patches restricted access to the messages or validated the response through the calculation of the h.meta1 token. However, the attacker is able to leak t...

AI score 7.3 | Exploits 0

Ivanti
added 2023/05/05 5:59 p.m. | 7 views

ZDI-CAN-17769 Ivanti Avalanche getLogFile Directory Traversal Information Disclosure

This advisory presents a bypass for the ZDI-CAN-15967 Path Traversal leading to Arbitrary File Read patch. getLogFile method verifies the UUID input parameter. However, it does not verify the provided fileName path. According to that, the attacker can still exploit this issue and retrieve files...

AI score 7.1 | Exploits 0

Ivanti
added 2023/05/05 5:57 p.m. | 7 views

ZDI-CAN-17812: Ivanti Avalanche FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability

This vulnerability presents a bypass for the ZDI-CAN-14187 vulnerability patch Arbitrary File Upload leading to Remote Code Execution. Blacklist of the forbidden directories can be bypassed with the 8.3 filenames. Instead of the "Program Files" directory, the attacker may use "PROGRA1". .jsp...

AI score 8 | Exploits 0

Ivanti
added 2023/05/05 5:52 p.m. | 13 views

ZDI-CAN-17729 - CVE-2023-28125 - Bug 958437: ZDI-CAN-17729: Ivanti Avalanche InfoRail Authentication Bypass Vulnerability

Last Modified Date 2024-3-8 16:51:05...

CVSS 5.9 | AI score 6.8 | EPSS 0.02252 | Exploits 0

Ivanti
added 2023/03/07 6:45 p.m. | 8 views

Avalanche ZDI-CAN-19513 Security Advisory

Last Modified Date Apr 3, 2023 8:41:48 PM...

CVSS 7.5 | AI score 7.5 | EPSS 0.64818 | Exploits 0

Ivanti
added 2023/03/07 1:38 a.m. | 6 views

HSTS security vulnerability on CSA

Last Modified Date Jul 27, 2023 11:22:48 AM...

AI score 5.8 | Exploits 0

Ivanti
added 2023/02/14 7:22 a.m. | 11 views

JSA10571 - 2013-06 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Internal and test Certificate Authority Root Servers unintentionally added to Trusted CA list

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. The Pulse Connect Secure PCS and Pulse Policy Secure PPS software use Trusted Server CA Root Certificate list in order to verify the validity of certificates. Internal and development...

CVSS 4.3 | AI score 7 | EPSS 0.00488 | Exploits 0

Ivanti
added 2023/02/14 7:22 a.m. | 5 views

JSA10462 - Cross-site scripting issue with file browsing upload page

Problem A cross-site scripting XSS vulnerability was identified in the PCS / PPS file browsing upload page during a routine security scan. Specifically, this URL is called when a user attempts to upload a set of files. A malicious URL can be crafted with a bad payload that could allow unauthorize...

AI score 6 | Exploits 0

Ivanti
added 2023/02/14 7:22 a.m. | 7 views

JSA10469 - Pre-authentication CGI script prints arbitrary contents of XML and ZIP files

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Certain CGI scripts found on the appliance are accessible during pre-authentication. There is an issue that may allow access to arbitrary XML files or the contents of ZIP files on the...

AI score 7.1 | Exploits 0

Ivanti
added 2023/02/14 7:22 a.m. | 11 views

JSA10590 - 2013-09 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Crafted packet can cause denial of service

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A denial of service DoS issue has been found on the Pulse Connect Secure PCS and Pulse Policy Secure PPS devices. This issue can cause the system to hang ultimately requiring a restart ...

CVSS 5.4 | AI score 7 | EPSS 0.01831 | Exploits 0

Ivanti
added 2023/02/14 7:22 a.m. | 6 views

JSA10502 - 2012-03 Security Bulletin: Pulse Connect Secure (PCS): Cross Site Scripting Issue

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A cross site scripting issue has been found in the Pulse Connect Secure device. The cause of this issue is due to incorrect validation of user input sent to the web server. This issue...

AI score 5.9 | Exploits 0

Ivanti
added 2023/02/14 7:22 a.m. | 17 views

JSA10544 - 2012-11 Security Bulletin: Steel-Belted Radius: Multiple OpenSSL Vulnerabilities

Problem OpenSSL software distributed with Steel-Belted Radius is vulnerable to CVE-2011-4619, and CVE-2011-4576. These may allow decrypting encrypted information or cause a denial of service condition for the Steel-Belted Radius server. CVE-2011-4576 The SSL 3.0 implementation in OpenSSL before...

CVSS 5 | AI score 7.5 | EPSS 0.16645 | Exploits 0

Ivanti
added 2023/02/14 7:22 a.m. | 8 views

JSA10553 - 2013-03: Security Bulletin: Pulse Secure Mobile: Android client privilege escalation

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A security issue has been found in the Pulse Secure Mobile for Android. This issue could only be carried out on an Android phone that was "rooted". An issue in the Pulse Secure Mobile f...

AI score 7 | Exploits 0

Ivanti
added 2023/02/14 7:22 a.m. | 6 views

JSA10350 - Optimistic TCP acknowledgements can cause denial of service (CERT/CC VU#102014)

The Transmission Control Protocol TCP is described in RFC 793 as a means to provide reliable host-to-host transmission between hosts in a packet-switched computer network. Numerous Internet protocols such as HTTP, SMTP, and FTP rely on TCP as their underlying transport protocol. Several different...

AI score 7.2 | Exploits 0

Ivanti
added 2023/02/14 7:22 a.m. | 8 views

JSA10453 - 2010-09 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Local Client Logging Issue

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. User session information is saved to the local system even when client logging is disabled. Pulse Secure would like to acknowledge Espion Ltd. Dublin, Ireland for bringing this to our...

AI score 6.8 | Exploits 0

Ivanti
added 2023/02/14 7:22 a.m. | 17 views

JSA10591 - 2013-09 Security Bulletin: Pulse Connect Secure and Pulse Policy Secure: Multiple OpenSSL vulnerabilities

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Multiple OpenSSL vulnerabilities have been found in the PCS and PPS devices. CVE| Issue| CVE Description| CVSS Score ---|---|---|--- CVE-2012-2131| OpenSSL buffer overflow issue| Multip...

CVSS 7.5 | AI score 8.6 | EPSS 0.35584 | Exploits 1

Ivanti
added 2023/02/14 7:22 a.m. | 7 views

JSA10470 - Pre-authentication CGI script fails to fully validate all parameters

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. CGI scripts accessible during pre-authentication may fail to verify the validity of values supplied as parameters. This could lead to the arbitrary fetching of ".exe" files from the...

AI score 7.1 | Exploits 0

Ivanti
added 2023/02/14 7:22 a.m. | 7 views

JSA10536 - 2012-09 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Specifically crafted https packet may cause denial of service

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A denial of service issue was found in the Pulse Connect Secure PCS and Pulse Policy Secure PPS system software. A specific malformed https packet can potentially cause a system service...

AI score 7 | Exploits 0

Ivanti
added 2023/02/14 7:22 a.m. | 10 views

JSA10402 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) - Multiple Web-based CGI and Cross Site Scripting (XSS) vulnerabilities.

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. CGI and Cross Site Scripting vulnerabilities found and fixed through a combination of internal and external proactive security testing: - Internal path was displayed in some error...

AI score 6.5 | Exploits 0

Ivanti
added 2023/02/14 7:22 a.m. | 9 views

JSA10471 - Out of Cycle Security Bulletin: Pulse Connect Secure (PCS) Network Connect Credential Provider Issue

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. There is an issue with Network Connect Credential Provider where local machine authentication can be bypassed on Windows 7 and Vista. If Network Connect Credential Provider is configur...

AI score 7.4 | Exploits 0

Ivanti
added 2023/02/14 7:22 a.m. | 10 views

JSA10628 - 2014-06 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Weak SSL cipher allowed unexpectedly when higher level cipher group is configured (CVE-2014-3812)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A weak cipher issue has been discovered on the Pulse Connect Secure PCS and Pulse Policy Secure PPS devices. When configuring the device to use a higher level cipher setting, a lower...

CVSS 5 | AI score 6.7 | EPSS 0.00745 | Exploits 0

Ivanti
added 2023/02/14 7:22 a.m. | 7 views

JSA10445 - 2010-06 Security Bulletin: Pulse Connect Secure (PCS) Cross Site Scripting Issue in Windows Secure Application Manager

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Cross site scripting issue on uninstallation link for Windows Secure Application Manager. This issue was found during internal proactive security testing. This vulnerability only affec...

AI score 6.9 | Exploits 0

Ivanti
added 2023/02/14 7:22 a.m. | 21 views

JSA10648 - 2014-09 Out of Cycle Security Bulletin: Multiple Products: Shell Command Injection Vulnerability in Bash

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Bash or the Bourne again shell has vulnerabilities in the way it handles environment variables when it is invoked. Under some scenarios, network based remote attackers can inject shell...

CVSS 10 | AI score 8.1 | EPSS 0.99999 | Exploits 139

Ivanti
added 2023/02/14 7:22 a.m. | 6 views

JSA10656 - 2014-10 Out of Cycle Security Bulletin: Multiple products affected by SSL POODLE vulnerability (CVE-2014-3566)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. The SSL protocol 3.0 SSLv3 uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack. This issue is...

CVSS 4.3 | AI score 6.2 | EPSS 0.99999 | Exploits 7

Ivanti
added 2023/02/14 7:22 a.m. | 6 views

JSA10376 - Pulse Policy Secure (PPS) Infranet Controller Webroot Path Disclosure Vulnerability

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. By requesting the 'remediate.cgi' script omitting certain parameters, the embedded IC web server returns the physical path of the webroot '/home/webserver/htdocs/' within an "Execute...

AI score 6.8 | Exploits 0

Ivanti
added 2023/02/14 7:22 a.m. | 8 views

JSA10589 - 2013-09 Security Bulletin: Pulse Connect Secure (PCS): Multiple cross site scripting issues

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Multiple cross site scripting issues have been found in the Pulse Connect Secure PCS product. The issues are the result of incorrect validation of user input sent to the PCS web server...

CVSS 4.3 | AI score 6.2 | EPSS 0.00931 | Exploits 0

Ivanti
added 2023/02/14 7:22 a.m. | 7 views

JSA10374 - Pulse Connect Secure (PCS) SSL VPN Webroot Path Disclosure Vulnerability

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. By requesting the 'remediate.cgi' script omitting certain parameters, the embedded PCS web server returns the physical path of the webroot '/home/webserver/htdocs/' within an "Execute...

AI score 6.6 | Exploits 0

Ivanti
added 2023/02/14 7:22 a.m. | 13 views

JSA10482 - 2011-07 Out of Cycle Security Bulletin: Multiple Products; TLS/SSL Renegotiation Vulnerability (CVE-2009-3555)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. CVE-2009-3555 summary: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, does not properly associate renegotiation handshakes with an existing connection, which allows...

CVSS 9.8 | AI score 6.4 | EPSS 0.87264 | Exploits 14

Ivanti
added 2023/02/14 7:22 a.m. | 5 views

JSA10497 - 2012-09: Security, Access, and Acceleration: Security Advisories Released

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A new Security, Access, and Acceleration product security advisory bundle has been released. This message contains the links to the new JSA advisories that have been released. In the...

AI score 7 | Exploits 0

Ivanti
added 2023/02/14 7:22 a.m. | 10 views

JSA10602 - 2013-12 Security Bulletin: Pulse Connect Secure (PCS): Cross site scripting issue (CVE-2013-6956)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A cross site scripting issue has been found in Pulse Connect Secure PCS. The problem is a result of incorrect user input validation on the PCS web server. The issue exists within a fil...

CVSS 2.1 | AI score 6 | EPSS 0.00931 | Exploits 1

Ivanti
added 2023/02/14 7:22 a.m. | 6 views

JSA10512 - 2012-06 Security Bulletin: Pulse Connect Secure (PCS): Open redirect issue

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. An open redirect issue has been found in the Pulse Connect Secure PCS product. The issue is caused by incorrect validation of user input sent to the PCS web server. The issue exists in...

AI score 6.8 | Exploits 0

Total number of security vulnerabilities: 282