Shodan
Vulnerabilities
Vulnerable Software
Ivanti:  Security Vulnerabilities
CVE-2023-41724
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.
CVSS Score
9.6
EPSS Score
0.08
Published
2024-03-31
CVE-2024-22024
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.
CVSS Score
8.3
EPSS Score
0.943
Published
2024-02-13
CVE-2024-21888
A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.
CVSS Score
8.8
EPSS Score
0.612
Published
2024-01-31
CVE-2024-21893
Known exploited
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
CVSS Score
8.2
EPSS Score
0.943
Published
2024-01-31
CVE-2023-41474
Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component.
CVSS Score
6.5
EPSS Score
0.696
Published
2024-01-25
CVE-2024-21887
Known exploited
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
CVSS Score
9.1
EPSS Score
0.944
Published
2024-01-12
CVE-2023-46805
Known exploited
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
CVSS Score
8.2
EPSS Score
0.944
Published
2024-01-12
CVE-2023-39336
An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server.
CVSS Score
9.6
EPSS Score
0.009
Published
2024-01-09
CVE-2023-46804
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS).
CVSS Score
7.5
EPSS Score
0.006
Published
2023-12-19
CVE-2023-46261
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.
CVSS Score
9.8
EPSS Score
0.019
Published
2023-12-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved