Ivanti: Security Vulnerabilities
A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device.
CVSS Score
7.5
EPSS Score
0.113
Published
2021-11-19
An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges.
CVSS Score
7.8
EPSS Score
0.003
Published
2021-09-01
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.
CVSS Score
6.5
EPSS Score
0.063
Published
2021-08-16
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.
CVSS Score
7.2
EPSS Score
0.044
Published
2021-08-16
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.
CVSS Score
7.2
EPSS Score
0.039
Published
2021-08-16
A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-08-16
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.
CVSS Score
7.2
EPSS Score
0.075
Published
2021-08-16
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.
CVSS Score
7.2
EPSS Score
0.039
Published
2021-08-16
By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.
CVSS Score
6.5
EPSS Score
0.022
Published
2021-07-22
By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.
CVSS Score
6.5
EPSS Score
0.022
Published
2021-07-22