Ivanti: Security Vulnerabilities
In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role.
CVSS Score: 7.2 | EPSS Score: 0.025 | Published: 2022-08-12
An authenticated, highly privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic Connect. The issue affects all current versions.
CVSS Score: 4.8 | EPSS Score: 0.001 | Published: 2022-04-11
A non-admin user with user management permission can escalate privileges to an admin user via the password reset functionality. The vulnerability affects Incapptic Connect versions < 1.40.1.
CVSS Score: 8.8 | EPSS Score: 0.247 | Published: 2022-04-11
Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-04-11
Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value.
CVSS Score: 7.5 | EPSS Score: 0.932 | Published: 2022-04-06
A user with high-privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using an unspecified attack vector in Incapptic Connect versions 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3.
CVSS Score: 7.2 | EPSS Score: 0.245 | Published: 2022-03-04
Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx.
CVSS Score: 6.1 | EPSS Score: 0.015 | Published: 2022-02-01
An insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2022-01-10
Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity.
CVSS Score: 7.5 | EPSS Score: 0.016 | Published: 2021-12-15
CVE-2021-44529
Known exploited
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
CVSS Score: 9.8 | EPSS Score: 0.945 | Published: 2021-12-08

