Ivanti: Security Vulnerabilities
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write.
CVSS Score
8.1
EPSS Score
0.028
Published
2021-12-07
A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device.
CVSS Score
7.5
EPSS Score
0.021
Published
2021-11-19
An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges.
CVSS Score
7.8
EPSS Score
0.007
Published
2021-09-01
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request.
CVSS Score
6.5
EPSS Score
0.014
Published
2021-08-16
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.
CVSS Score
7.2
EPSS Score
0.047
Published
2021-08-16
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.
CVSS Score
7.2
EPSS Score
0.021
Published
2021-08-16
A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.
CVSS Score
6.1
EPSS Score
0.008
Published
2021-08-16
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.
CVSS Score
7.2
EPSS Score
0.078
Published
2021-08-16
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.
CVSS Score
7.2
EPSS Score
0.021
Published
2021-08-16
By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.
CVSS Score
6.5
EPSS Score
0.033
Published
2021-07-22