Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2024
CVE-2024-8320
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.
CVSS Score
5.3
EPSS Score
0.008
Published
2024-09-10
CVE-2024-8321
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.
CVSS Score
5.8
EPSS Score
0.002
Published
2024-09-10
CVE-2024-8322
Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.
CVSS Score
4.3
EPSS Score
0.006
Published
2024-09-10
CVE-2024-8441
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.
CVSS Score
6.7
EPSS Score
0.003
Published
2024-09-10
CVE-2024-44106
Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-09-10
CVE-2024-44107
DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-09-10
CVE-2024-8012
An authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
CVSS Score
7.8
EPSS Score
0.002
Published
2024-09-10
CVE-2024-8190
Known exploited
An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.
CVSS Score
7.2
EPSS Score
0.924
Published
2024-09-10
CVE-2024-8191
SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
CVSS Score
7.8
EPSS Score
0.09
Published
2024-09-10
CVE-2024-44103
DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-09-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved