Shodan
Vulnerabilities
Vulnerable Software
Ivanti:  Security Vulnerabilities
CVE-2020-13793
Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key.
CVSS Score
9.8
EPSS Score
0.014
Published
2020-08-06
CVE-2020-8221
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface.
CVSS Score
4.9
EPSS Score
0.029
Published
2020-07-30
CVE-2020-8222
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting.
CVSS Score
6.8
EPSS Score
0.009
Published
2020-07-30
CVE-2020-8204
A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-07-30
CVE-2020-8206
An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP.
CVSS Score
8.1
EPSS Score
0.015
Published
2020-07-30
CVE-2020-8216
An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID.
CVSS Score
4.3
EPSS Score
0.022
Published
2020-07-30
CVE-2020-8217
A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA.
CVSS Score
5.4
EPSS Score
0.001
Published
2020-07-30
CVE-2020-8218
Known exploited
A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.
CVSS Score
7.2
EPSS Score
0.923
Published
2020-07-30
CVE-2020-8219
An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator.
CVSS Score
7.2
EPSS Score
0.017
Published
2020-07-30
CVE-2020-8220
A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.
CVSS Score
6.5
EPSS Score
0.067
Published
2020-07-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved