Shodan
Vulnerabilities
Vulnerable Software
Ivanti:  Security Vulnerabilities
CVE-2023-38035
Known exploited
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
CVSS Score
9.8
EPSS Score
0.944
Published
2023-08-21
CVE-2023-35082
Known exploited
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.
CVSS Score
10.0
EPSS Score
0.945
Published
2023-08-15
CVE-2023-32560
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.
CVSS Score
8.8
EPSS Score
0.919
Published
2023-08-10
CVE-2023-32561
A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-08-10
CVE-2023-32562
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1.
CVSS Score
6.8
EPSS Score
0.273
Published
2023-08-10
CVE-2023-32563
An unauthenticated attacker could achieve the code execution through a RemoteControl server.
CVSS Score
8.8
EPSS Score
0.925
Published
2023-08-10
CVE-2023-32564
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.
CVSS Score
6.8
EPSS Score
0.273
Published
2023-08-10
CVE-2023-32565
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
CVSS Score
6.3
EPSS Score
0.004
Published
2023-08-10
CVE-2023-28129
DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS commands as the DSM software installation user.
CVSS Score
7.8
EPSS Score
0.002
Published
2023-08-10
CVE-2023-32566
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
CVSS Score
6.3
EPSS Score
0.004
Published
2023-08-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved