SA44399 - 2020-03: Out-of-Cycle Advisory: Pulse Secure recommendations for Enterprise VPN Security (AA20-073A)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Many organizations are switching to alternate workplace options for employees in response to the rapidly spreading Novel Coronavirus COVID-19. Malicious cyber actors will inevitably...
SA44516 - 2020-07: Security Bulletin: Multiple Vulnerabilities Resolved in Pulse Connect Secure / Pulse Policy Secure 9.1R8
Problem: This advisory provides information about multiple vulnerabilities resolved in Pulse Connect Secure 9.1R8 and Pulse Policy Secure 9.1R8. Refer to KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities? per our End of Engineering (EOE) and End of Life (EOL)...
SA44525 - 2020-07: Out-of-Cycle Advisory: Multiple Vulnerabilities in Apache Guacamole Software
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This advisory provides information about the Apache Guacamole HTML5 Access vulnerabilities highlighted in CVE-2020-9498 and CVE-2020-9497. If an end user connects to a malicious or...
SA44800 - 2021-05: Out-of-Cycle Advisory: Pulse Connect Secure Buffer Overflow Vulnerability
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A vulnerability was discovered in Pulse Connect Secure (PCS). This includes a buffer overflow vulnerability on the Pulse Connect Secure gateway that allows a remote authenticated user...
SA44601 - 2020-10: Security Bulletin: Multiple Vulnerabilities Resolved in Pulse Connect Secure / Pulse Policy Secure / Pulse Secure Desktop Client 9.1R9
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This advisory provides information about multiple vulnerabilities resolved in Pulse Connect Secure 9.1R9, Pulse Policy Secure 9.1R9 and Pulse Secure Desktop Client 9.1R9. Refer to KB438...
SA44784 - 2021-04: Out-of-Cycle Advisory: Multiple Vulnerabilities Resolved in Pulse Connect Secure 9.1R11.4
Multiple vulnerabilities were discovered and have been resolved in Pulse Connect Secure (PCS). This includes an authentication bypass vulnerability that can allow an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway. Many of these vulnerabilities...
SA44574 - 2020-08: Out-of-Cycle Advisory: FBI and NSA Expose New Linux Malware Drovorub
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. The United States National Security Agency and Federal Bureau of Investigation have released a Cybersecurity Advisory regarding the Drovorub malware. Drovorub is Linux malware that...
SA44508 - 2020-06: Out-of-Cycle Advisory: Multiple Vulnerabilities in Treck TCP/IP Embedded Software
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Treck IP network stack software is designed and used in a variety of embedded systems. The software can be licensed and integrated in various ways, including compiled from source,...
SA44676 - December 08 2020 OpenSSL Security Advisory
Problem: On December 08 2020, the OpenSSL project announced a new security advisory. These issues may affect Pulse Secure products. Refer to KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities? per our End of Engineering (EOE) and End of Life (EOL) policies. The...
SA44588 - 2020-09: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.1R8.2
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This advisory provides information about multiple vulnerabilities resolved in Pulse Connect Secure 9.1R8.2 and Pulse Policy Secure 9.1R8.2. Refer to KB43892 - What releases will Pulse Secur...
SA44790 - HTTP Request Smuggling vulnerability with Virtual Traffic Manager (vTM)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager could allow an attacker to 'smuggle' an HTTP request through an HTTP/2 header. In particular, customers...
SA44845 - OpenSSL Security Advisory CVE-2021-3450
On March 25 2021, the OpenSSL project announced a new security advisory. These issues may affect Pulse Secure products. Refer to KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities? per our End of Engineering (EOE) and End of Life (EOL) policies. The OpenSSL adviso...
SA45476 - Client Side Desync Attack (Informational)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Portswigger has provided a responsible disclosure of a vulnerability that affects the Pulse Collaboration feature. Their write-up can be found here:...
SA44858 - 9.1R12 Security Fixes
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Resolutions for Pulse Connect Secure CVEs Issue: As part of a rigorous code review that we have undertaken in close partnership with industry-leading third-party experts, we have...
SA45520 - CVE's (CVE-2022-35254,CVE-2022-35258) may lead to DoS attack
Summary: An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure ICS in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R3, Ivanti Policy Secure IPS in versions prior to 9.1R17 and 22.2R3, and Ivanti Neurons for Zero-Trust Gateway in...
SA44846 - OpenSSL Security Advisory CVE-2021-23841
On February 16 2021, the OpenSSL project announced a new security advisory. These issues may affect Pulse Secure products. Refer to KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities? per our End of Engineering (EOE) and End of Life (EOL) policies. The OpenSSL...
SA44712 - 2021-02: Out-of-Cycle Advisory: Pulse Secure response to BIOS Trickboot Vulnerability
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A vulnerability in the BIOS of Pulse Secure PSA-Series Hardware could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain...
SA44899 - CVE-2021-22965: A Vulnerability in Pulse Connect Secure Before 9.1R12.1
Prior to 9.1R12.1 System Software, a vulnerability exists in the Pulse Secure server where malformed packets can be used for Denial of Service. The impact and temporary mitigation are referenced in KB44879. CVE| ScoreCVSS:3.0| Vector| Description| Affected Versions ---|---|---|---|---...
SA45100 - CVE-2022-0778-OpenSSL-Vulnerability may lead to DoS attack
CVE-2022-0778: A vulnerability has been reported on the 15th of March 2022 under https://nvd.nist.gov/vuln/detail/CVE-2022-0778. Description: A flaw was found in OpenSSL. It is possible to trigger an infinite loop by crafting a certificate that has invalid explicit curve parameters. More details...
SA45038 - CVE-2022-23852 - Expat (AKA Libexpat) Before 2.4.4 Has a Signed Integer Overflow in XML_GetBuffer, for Configurations With a Nonzero XML_CONTEXT_BYTES
A vulnerability has been reported on the 23rd of Jan 2022 under https://nvd.nist.gov/vuln/detail/CVE-2022-23852. Description: Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. Related link:...
SA45470 - OpenSSL Security Advisory CVE-2021-4154
Last Modified Date Apr 21, 2025 9:02:45 AM...
SA45653 - Cross-site Request Forgery in Login Form
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. In a login CSRF attack, the attacker forges a login request to an honest site using the attacker’s username and password at that site. If the forgery succeeds, the honest server...
SA45654 - Multiple OpenSSL Vulnerabilities in Layer 2 network filtering capabilities
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Multiple vulnerabilities were discovered in which Layer 2 network filtering capabilities, such as IPv6 RA guard or ARP inspection, can be bypassed using combinations of VLAN 0...
Impact of CVE-2023-22809 on EPMM, Sentry and Connector
Last Modified Date Mar 8, 2024 8:33:11 PM...
Security Advisory for Ivanti Endpoint Manager Client-CVE-2022-27773
SECURITY ADVISORY 2022-11-16. Product Affected: Ivanti EPM Endpoint Manager. PROBLEM: A vulnerability was recently discovered for Ivanti Endpoint Manager Client. Vulnerability Information:

CVE| CVSS| Summary
---|---|---
CVE-2022-27773 | High - CVSS=7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | An issu...
MI Core - Vulnerability found security issue on jquery.
Last Modified Date Mar 12, 2024 4:32:15 PM...
Are MobileIron Products Vulnerable to CVE-2021-44521--apache-cassandra
Last Modified Date Mar 8, 2024 7:55:33 PM...
CVE-2022-0185
Affected Version: None of MobileIron Core; None of MobileIron Sentry; None of MobileIron Connector. Question: Are MobileIron Products vulnerable to CVE-2022-0185? MobileIron server products are not affected. This issue affects the Linux kernel packages as shipped with Red Hat...
Is Ivanti IPCM voice vulnerable to CVE-2021-44228 Java logging library (log4j)
Last Modified Date Dec 20, 2021 2:55:48 PM...
Is HEAT Classic (HEAT Service and Support) vulnerable to CVE-2021-44228 Java logging library (log4j)
Last Modified Date Feb 2, 2022 3:03:20 PM...
Security Bulletin:CVE-2021-44228: MobileIron Remote code injection in Log4j
Affected Versions: MobileIron Core: below Core 11.5; MobileIron Sentry: Sentry 9.13 and 9.14 only; Core Connector: All Versions; Reporting Database (RDB): All Versions. Please Note: Ivanti has tested the mitigation for the vulnerability on supported versions of the product. While it may be possible to...
Security Alert - CVE's Addressed in Avalanche 6.3.3
Last Modified Date Dec 10, 2021 8:13:44 AM...