Filtered by vendor Ivanti Subscriptions
Total 320 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-11004 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-21 6.1 Medium
Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
CVE-2024-7571 1 Ivanti 1 Secure Access Client 2024-11-19 7.8 High
Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
CVE-2024-11007 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-19 9.1 Critical
Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-8495 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-19 7.5 High
A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-47909 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-19 4.9 Medium
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.
CVE-2024-47906 1 Ivanti 2 Connect Secure, Policy Secure 2024-11-19 7.8 High
Excessive binary privileges in Ivanti Connect Secure which affects versions 22.4R2 through 22.7R2.2 inclusive within the R2 release line and Ivanti Policy Secure before version 22.7R1.2 allow a local authenticated attacker to escalate privileges.
CVE-2024-50330 1 Ivanti 1 Endpoint Manager 2024-11-19 9.8 Critical
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution.
CVE-2024-50329 1 Ivanti 1 Endpoint Manager 2024-11-19 8.8 High
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
CVE-2024-50324 1 Ivanti 1 Endpoint Manager 2024-11-19 7.2 High
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-50323 1 Ivanti 1 Endpoint Manager 2024-11-19 7.8 High
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.
CVE-2024-34784 1 Ivanti 1 Endpoint Manager 2024-11-19 N/A
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32847 1 Ivanti 1 Endpoint Manager 2024-11-19 N/A
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32844 1 Ivanti 1 Epm 2024-11-19 7.2 High
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-50326 1 Ivanti 1 Endpoint Manager 2024-11-19 7.2 High
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-34782 1 Ivanti 1 Endpoint Manager 2024-11-19 N/A
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-50328 1 Ivanti 1 Endpoint Manager 2024-11-19 7.2 High
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-34781 1 Ivanti 1 Endpoint Manager 2024-11-19 N/A
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-37376 1 Ivanti 1 Endpoint Manager 2024-11-19 N/A
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-50327 1 Ivanti 1 Endpoint Manager 2024-11-19 7.2 High
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32839 1 Ivanti 1 Epm 2024-11-19 N/A
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.