Shodan
Vulnerabilities
Vulnerable Software
Ivanti:  Security Vulnerabilities
CVE-2020-13771
Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (and elevation of privileges to the level of privilege held by the vulnerable component such as NT AUTHORITY\SYSTEM) via DLL hijacking. This affects ldiscn32.exe, IpmiRedirectionService.exe, LDAPWhoAmI.exe, and ldprofile.exe.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-11-12
CVE-2020-8260
Known exploited
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.
CVSS Score
7.2
EPSS Score
0.704
Published
2020-10-28
CVE-2020-8261
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
CVSS Score
4.3
EPSS Score
0.006
Published
2020-10-28
CVE-2020-8262
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.
CVSS Score
6.1
EPSS Score
0.001
Published
2020-10-28
CVE-2020-15352
An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
CVSS Score
7.2
EPSS Score
0.066
Published
2020-10-27
CVE-2020-8243
Known exploited
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.
CVSS Score
7.2
EPSS Score
0.226
Published
2020-09-30
CVE-2020-8256
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability.
CVSS Score
4.9
EPSS Score
0.027
Published
2020-09-30
CVE-2020-8238
A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS).
CVSS Score
6.1
EPSS Score
0.002
Published
2020-09-30
CVE-2020-12441
Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the ‘HEATRemoteService’ agent. The DoS can be triggered by sending a specially crafted network packet.
CVSS Score
9.8
EPSS Score
0.087
Published
2020-08-06
CVE-2020-13793
Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key.
CVSS Score
9.8
EPSS Score
0.014
Published
2020-08-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved