Shodan
Vulnerabilities
Vulnerable Software
Ivanti:  Security Vulnerabilities
CVE-2024-7572
Insufficient permissions in Ivanti DSM before version 2024.3.5740 allows a local authenticated attacker to delete arbitrary files.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-12-10
CVE-2024-8540
Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-12-10
CVE-2024-9844
Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions.
CVSS Score
7.1
EPSS Score
0.028
Published
2024-12-10
CVE-2024-10256
Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-12-10
CVE-2024-11633
Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution
CVSS Score
9.1
EPSS Score
0.172
Published
2024-12-10
CVE-2024-11634
Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)
CVSS Score
9.1
EPSS Score
0.139
Published
2024-12-10
CVE-2024-11639
An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access
CVSS Score
10.0
EPSS Score
0.343
Published
2024-12-10
CVE-2024-11772
Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
9.1
EPSS Score
0.13
Published
2024-12-10
CVE-2024-11773
SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
CVSS Score
9.1
EPSS Score
0.015
Published
2024-12-10
CVE-2024-39710
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
9.1
EPSS Score
0.081
Published
2024-11-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved