282 matches found

Ivanti
added 2023/02/14 7:22 a.m., 8 views

SA44399 - 2020-03: Out-of-Cycle Advisory: Pulse Secure recommendations for Enterprise VPN Security (AA20-073A)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Many organizations are switching to alternate workplace options for employees in response to the rapidly spreading Novel Coronavirus COVID-19. Malicious cyber actors will inevitably...

AI score: 7.4
Exploits: 0

Ivanti
added 2023/02/14 7:22 a.m., 22 views

SA44516 - 2020-07: Security Bulletin: Multiple Vulnerabilities Resolved in Pulse Connect Secure / Pulse Policy Secure 9.1R8

Problem This advisory provides information about multiple vulnerabilities resolved in Pulse Connect Secure 9.1R8 and Pulse Policy Secure 9.1R8. Refer to KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities? per our End of Engineering EOE and End of Life EOL...

CVSS: 8.1 | AI score: 8.2 | EPSS: 0.32739
Exploits: 4

Ivanti
added 2023/02/14 7:22 a.m., 11 views

SA44525 - 2020-07: Out-of-Cycle Advisory: Multiple Vulnerabilities in Apache Guacamole Software

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This advisory provides information about the Apache Guacamole HTML5 Access vulnerabilities highlighted in CVE-2020-9498 and CVE-2020-9497. If an end user connects to a malicious or...

CVSS: 6.7 | AI score: 7 | EPSS: 0.00795
Exploits: 0

Ivanti
added 2023/02/14 7:22 a.m., 12 views

SA44800 - 2021-05: Out-of-Cycle Advisory: Pulse Connect Secure Buffer Overflow Vulnerability

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A vulnerability was discovered under Pulse Connect Secure PCS. This includes buffer overflow vulnerability on the Pulse Connect Secure gateway that allows a remote authenticated user...

CVSS: 9 | AI score: 7.9 | EPSS: 0.69377
Exploits: 0

Ivanti
added 2023/02/14 7:22 a.m., 22 views

SA44601 - 2020-10: Security Bulletin: Multiple Vulnerabilities Resolved in Pulse Connect Secure / Pulse Policy Secure / Pulse Secure Desktop Client 9.1R9

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This advisory provides information about multiple vulnerabilities resolved in Pulse Connect Secure 9.1R9, Pulse Policy Secure 9.1R9 and Pulse Secure Desktop Client 9.1R9. Refer to KB438...

CVSS: 9.8 | AI score: 8.7 | EPSS: 0.9648
Exploits: 12

Ivanti
added 2023/02/14 7:22 a.m., 25 views

SA44784 - 2021-04: Out-of-Cycle Advisory: Multiple Vulnerabilities Resolved in Pulse Connect Secure 9.1R11.4

Multiple vulnerabilities were discovered and have been resolved in Pulse Connect Secure PCS. This includes an authentication by-pass vulnerability that can allow an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway. Many of these vulnerabilities...

CVSS: 10 | AI score: 9 | EPSS: 0.47172
Exploits: 9

Ivanti
added 2023/02/14 7:22 a.m., 8 views

SA44574 - 2020-08: Out-of-Cycle Advisory: FBI and NSA Expose New Linux Malware Drovorub

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. The United States National Security Agency and Federal Bureau of Investigation have released a Cybersecurity Advisory regarding the Drovorub malware. Drovorub is Linux malware that...

AI score: 7.9
Exploits: 0

Ivanti
added 2023/02/14 7:22 a.m., 6 views

SA44508 - 2020-06: Out-of-Cycle Advisory: Multiple Vulnerabilities in Treck TCP/IP Embedded Software

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Treck IP network stack software is designed and used in a variety of embedded systems. The software can be licensed and integrated in various ways, including compiled from source,...

AI score: 7.1
Exploits: 0

Ivanti
added 2023/02/14 7:22 a.m., 8 views

SA44676 - December 08 2020 OpenSSL Security Advisory

Problem On December 08 2020, the OpenSSL project announced a new security advisory. These issues may affect Pulse Secure products. Refer to KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities? per our End of Engineering EOE and End of Life EOL policies. The...

CVSS: 5.9 | AI score: 7 | EPSS: 0.06968
Exploits: 3

Ivanti
added 2023/02/14 7:22 a.m., 14 views

SA44588 - 2020-09: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.1R8.2

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. This advisory provides information about multiple vulnerabilities resolved in Pulse Connect Secure 9.1R8.2, Pulse Policy Secure 9.1R8.2. Refer to KB43892 - What releases will Pulse Secur...

CVSS: 7.2 | AI score: 8 | EPSS: 0.90759
Exploits: 2

Ivanti
added 2023/02/14 7:22 a.m., 11 views

SA44790 - HTTP Request Smuggling vulnerability with Virtual Traffic Manager (vTM)

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager could allow an attacker to 'smuggle' an HTTP request through an HTTP/2 header. In particular, customers...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00973
Exploits: 1

Ivanti
added 2023/02/14 7:22 a.m., 10 views

SA44845 - OpenSSL Security Advisory CVE-2021-3450

On March 25 2021, the OpenSSL project announced a new security advisory. These issues may affect Pulse Secure products. Refer to KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities per our End of Engineering EOE and End of Life EOL policies. The OpenSSL adviso...

CVSS: 7.4 | AI score: 7.2 | EPSS: 0.62906
Exploits: 4

Ivanti
added 2023/02/14 7:22 a.m., 17 views

SA45476 - Client Side Desync Attack (Informational)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Portswigger has provided a responsible disclosure of a vulnerability that affects the Pulse Collaboration feature. Their write up can be found here:...

CVSS: 5.4 | AI score: 6.5 | EPSS: 0.45229
Exploits: 0

Ivanti
added 2023/02/14 7:22 a.m., 20 views

SA44858 - 9.1R12 Security Fixes

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Resolutions for Pulse Connect Secure CVEs Issue: As part of a rigorous code review that we have undertaken in close partnership with industry-leading third-party experts, we have...

CVSS: 7.2 | AI score: 7.9 | EPSS: 0.07828
Exploits: 1

Ivanti
added 2023/02/14 7:22 a.m., 11 views

SA45520 - CVE's (CVE-2022-35254,CVE-2022-35258) may lead to DoS attack

Summary: An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure ICS in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R3, Ivanti Policy Secure IPS in versions prior to 9.1R17 and 22.2R3, and Ivanti Neurons for Zero-Trust Gateway in...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.02515
Exploits: 0

Ivanti
added 2023/02/14 7:22 a.m., 9 views

SA44846 - OpenSSL Security Advisory CVE-2021-23841

On February 16 2021, the OpenSSL project announced a new security advisory. These issues may affect Pulse Secure products. Refer to KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities per our End of Engineering EOE and End of Life EOL policies. The OpenSSL...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.50732
Exploits: 0

Ivanti
added 2023/02/14 7:22 a.m., 10 views

SA44712 - 2021-02: Out-of-Cycle Advisory: Pulse Secure response to BIOS Trickboot Vulnerability

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A vulnerability in the BIOS of Pulse Secure PSA-Series Hardware could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain...

CVSS: 2.3 | AI score: 6.8 | EPSS: 0.00249
Exploits: 0

Ivanti
added 2023/02/14 7:22 a.m., 9 views

SA44899 - CVE-2021-22965: A Vulnerability in Pulse Connect Secure Before 9.1R12.1

Prior to 9.1R12.1 System Software, a vulnerability in the Pulse Secure server exists where malformed packets can be used for Denial of Service. The impact and temporary mitigation is referenced in KB44879 CVE| ScoreCVSS:3.0| Vector| Description| Affected Versions ---|---|---|---|---...

CVSS: 7.8 | AI score: 6.7 | EPSS: 0.02123
Exploits: 0

Ivanti
added 2023/02/14 7:22 a.m., 20 views

SA45100 - CVE-2022-0778-OpenSSL-Vulnerability may lead to DoS attack

CVE-2022-0778 A vulnerability has been reported on the 15th of March 2022 under https://nvd.nist.gov/vuln/detail/CVE-2022-0778 Description - A flaw was found in OpenSSL. It is possible to trigger an infinite loop by crafting a certificate that has invalid explicit curve parameters. More details...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.70561
Exploits: 2

Ivanti
added 2023/02/14 7:22 a.m., 7 views

SA45038 - CVE-2022-23852 - Expat (AKA Libexpat) Before 2.4.4 Has a Signed Integer Overflow in XML_GetBuffer, for Configurations With a Nonzero XML_CONTEXT_BYTES

A vulnerability has been reported on the 23rd of Jan 2022 under https://nvd.nist.gov/vuln/detail/CVE-2022-23852 Description: Expat aka libexpat before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. Related link:...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.04525
Exploits: 0

Ivanti
added 2023/02/14 7:22 a.m., 20 views

SA45470 - OpenSSL Security Advisory CVE-2021-4154

Last Modified Date Apr 21, 2025 9:02:45 AM...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.01206
Exploits: 2

Ivanti
added 2023/02/14 7:22 a.m., 8 views

SA45653 - Cross-site Request Forgery in Login Form

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. In a login CSRF attack, the attacker forges a login request to an honest site using the attacker’s username and password at that site. If the forgery succeeds, the honest server...

AI score: 7.2
Exploits: 0

Ivanti
added 2023/02/14 7:22 a.m., 8 views

SA45654 - Multiple OpenSSL Vulnerabilities in Layer 2 network filtering capabilities

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Multiple vulnerabilities were discovered with respect to Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0...

CVSS: 4.7 | AI score: 6.9 | EPSS: 0.0069
Exploits: 1

Ivanti
added 2023/02/10 7:30 a.m., 15 views

Impact of CVE-2023-22809 on EPMM, Sentry and Connector

Last Modified Date Mar 8, 2024 8:33:11 PM...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.55367
Exploits: 20

Ivanti
added 2022/11/17 3:28 p.m., 10 views

Security Advisory for Ivanti Endpoint Manager Client-CVE-2022-27773

SECURITY ADVISORY 2022-11-16 Product Affected: Ivanti EPM Endpoint Manager PROBLEM: A vulnerability was recently discovered for Ivanti Endpoint Manager Client. Vulnerability InformationCVE| CVSS| Summary ---|---|--- CVE-2022-27773CVE | High - CVSS=7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | An issu...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.02585
Exploits: 0

Ivanti
added 2022/06/10 5:57 a.m., 9 views

MI Core - Vulnerability found security issue on jquery.

Last Modified Date Mar 12, 2024 4:32:15 PM...

AI score: 5.8
Exploits: 0

Ivanti
added 2022/02/24 5:15 p.m., 9 views

Are MobileIron Products Vulnerable to CVE-2021-44521--apache-cassandra

Last Modified Date Mar 8, 2024 7:55:33 PM...

CVSS: 9.1 | AI score: 7.6 | EPSS: 0.54889
Exploits: 7

Ivanti
added 2022/02/24 4:35 p.m., 16 views

CVE-2022-0185

Affected Version| - None of MobileIron Core - None of MobileIron Sentry - None of MobileIron Connector ---|--- Question: Are Mobileiron Products vulnerable to CVE-2022-0185 MobileIron server products are not affected. This issue affects the Linux kernel packages as shipped with Red Hat...

CVSS: 8.4 | AI score: 7.1 | EPSS: 0.25151
Exploits: 11

Ivanti
added 2021/12/20 2:55 p.m., 29 views

Is Ivanti IPCM voice vulnerable to CVE-2021-44228 Java logging library (log4j)

Last Modified Date Dec 20, 2021 2:55:48 PM...

CVSS: 10 | AI score: 7 | EPSS: 0.99999
Exploits: 348

Ivanti
added 2021/12/14 3:12 p.m., 20 views

Is HEAT Classic (HEAT Service and Support) vulnerable to CVE-2021-44228 Java logging library (log4j)

Last Modified Date Feb 2, 2022 3:03:20 PM...

CVSS: 10 | AI score: 7 | EPSS: 0.99999
Exploits: 348

Ivanti
added 2021/12/12 3:3 a.m., 23 views

Security Bulletin:CVE-2021-44228: MobileIron Remote code injection in Log4j

Affected Versions --- MobileIron Core below Core 11.5 Mobileiron Sentry Sentry 9.13 and 9.14 only Core Connector All Versions Reporting Database RDB All Versions Please Note Ivanti has tested the mitigation for the vulnerability on supported versions of the product. While it may be possible to...

CVSS: 10 | AI score: 8.3 | EPSS: 0.99999
Exploits: 348

Ivanti
added 2021/11/18 5:57 p.m., 9 views

Security Alert - CVE's Addressed in Avalanche 6.3.3

Last Modified Date Dec 10, 2021 8:13:44 AM...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.81596
Exploits: 0

Total number of security vulnerabilities: 282