Ivanti: Security Vulnerabilities
SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution.
CVSS Score
7.2
EPSS Score
0.004
Published
2025-08-12
Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS Score
7.2
EPSS Score
0.01
Published
2025-08-12
A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request.
CVSS Score
4.9
EPSS Score
0.004
Published
2025-07-12
A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials.
CVSS Score
9.0
EPSS Score
0.001
Published
2025-07-12
A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.011
Published
2025-07-12
Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-07-08
OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before versions 12.5.0.2, 12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution.
CVSS Score
7.2
EPSS Score
0.012
Published
2025-07-08
CRLF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.
CVSS Score
6.6
EPSS Score
0.0
Published
2025-07-08
SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-07-08
SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-07-08

