Ivanti: Security Vulnerabilities
The “LANDesk(R) Management Agent” service exposes a socket; once connected, it is possible to launch commands, but only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system.
CVSS Score
6.7
EPSS Score
0.001
Published
2022-09-23
In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role.
CVSS Score
7.2
EPSS Score
0.026
Published
2022-08-12
An authenticated, highly privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic Connect. The issue affects all current versions.
CVSS Score
4.8
EPSS Score
0.001
Published
2022-04-11
A non-admin user with user management permission can escalate their privileges to admin user via the password reset functionality. The vulnerability affects Incapptic Connect versions < 1.40.1.
CVSS Score
8.8
EPSS Score
0.197
Published
2022-04-11
Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-04-11
Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value.
CVSS Score
7.5
EPSS Score
0.938
Published
2022-04-06
A user with high-privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using an unspecified attack vector in Incapptic Connect versions 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3.
CVSS Score
7.2
EPSS Score
0.154
Published
2022-03-04
Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx.
CVSS Score
6.1
EPSS Score
0.015
Published
2022-02-01
An insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-01-10
Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity.
CVSS Score
7.5
EPSS Score
0.016
Published
2021-12-15

