Shodan
Vulnerabilities
Vulnerable Software
Ivanti:  Security Vulnerabilities
CVE-2024-39711
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
9.1
EPSS Score
0.081
Published
2024-11-13
CVE-2024-39712
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
9.1
EPSS Score
0.081
Published
2024-11-13
CVE-2024-37398
Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-11-13
CVE-2024-37400
An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service.
CVSS Score
7.5
EPSS Score
0.033
Published
2024-11-13
CVE-2024-38649
An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service.
CVSS Score
7.5
EPSS Score
0.044
Published
2024-11-13
CVE-2024-38654
Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.
CVSS Score
4.4
EPSS Score
0.001
Published
2024-11-13
CVE-2024-38655
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
9.1
EPSS Score
0.138
Published
2024-11-13
CVE-2024-38656
Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
9.1
EPSS Score
0.061
Published
2024-11-13
CVE-2024-39709
Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-11-13
CVE-2024-34780
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
7.2
EPSS Score
0.114
Published
2024-11-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved