Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-11540

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-26 Apr, 2019 | 01:39
Updated At-04 Aug, 2024 | 22:55
Rejected At-
Credits

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:26 Apr, 2019 | 01:39
Updated At:04 Aug, 2024 | 22:55
Rejected At:
▼CVE Numbering Authority (CNA)

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
3.08.3HIGH
CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:R
Version: 3.0
Base score: 8.3
Base severity: HIGH
Vector:
CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:R
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
x_refsource_CONFIRM
http://www.securityfocus.com/bid/108073
vdb-entry
x_refsource_BID
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
x_refsource_CONFIRM
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
x_refsource_MISC
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
x_refsource_MISC
https://www.kb.cert.org/vuls/id/927237
third-party-advisory
x_refsource_CERT-VN
Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/108073
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
Resource:
x_refsource_CONFIRM
Hyperlink: https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
Resource:
x_refsource_MISC
Hyperlink: https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
Resource:
x_refsource_MISC
Hyperlink: https://www.kb.cert.org/vuls/id/927237
Resource:
third-party-advisory
x_refsource_CERT-VN
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/108073
vdb-entry
x_refsource_BID
x_transferred
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
x_refsource_CONFIRM
x_transferred
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
x_refsource_MISC
x_transferred
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
x_refsource_MISC
x_transferred
https://www.kb.cert.org/vuls/id/927237
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/108073
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.kb.cert.org/vuls/id/927237
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:26 Apr, 2019 | 02:29
Updated At:27 Feb, 2024 | 21:04

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.08.3HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 8.3
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Ivanti Software
ivanti
>>connect_secure>>8.3
cpe:2.3:a:ivanti:connect_secure:8.3:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_connect_secure>>8.3rx
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3rx:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_connect_secure>>9.0r1
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r1:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_connect_secure>>9.0r2
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r2:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_connect_secure>>9.0r2.1
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r2.1:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_connect_secure>>9.0r3
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r3:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_connect_secure>>9.0r3.1
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r3.1:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_connect_secure>>9.0r3.2
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0r3.2:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_connect_secure>>9.0rx
cpe:2.3:a:pulsesecure:pulse_connect_secure:9.0rx:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_policy_secure>>5.4r1
cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r1:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_policy_secure>>5.4r2
cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r2:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_policy_secure>>5.4r2.1
cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r2.1:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_policy_secure>>5.4r3
cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r3:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_policy_secure>>5.4r4
cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r4:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_policy_secure>>5.4r5
cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r5:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_policy_secure>>5.4r5.2
cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r5.2:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_policy_secure>>5.4r6
cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r6:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_policy_secure>>5.4r6.1
cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r6.1:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_policy_secure>>5.4r7
cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4r7:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_policy_secure>>5.4rx
cpe:2.3:a:pulsesecure:pulse_policy_secure:5.4rx:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_policy_secure>>9.0r1
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r1:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_policy_secure>>9.0r2
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r2:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_policy_secure>>9.0r2.1
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r2.1:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_policy_secure>>9.0r3
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r3:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_policy_secure>>9.0r3.1
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0r3.1:*:*:*:*:*:*:*
Pulse Secure
pulsesecure
>>pulse_policy_secure>>9.0rx
cpe:2.3:a:pulsesecure:pulse_policy_secure:9.0rx:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/108073cve@mitre.org
Third Party Advisory
VDB Entry
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/cve@mitre.org
Exploit
Third Party Advisory
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdfcve@mitre.org
Exploit
Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101cve@mitre.org
Third Party Advisory
Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010cve@mitre.org
Third Party Advisory
https://www.kb.cert.org/vuls/id/927237cve@mitre.org
Third Party Advisory
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/108073
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
Source: cve@mitre.org
Resource:
Third Party Advisory
Vendor Advisory
Hyperlink: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.kb.cert.org/vuls/id/927237
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

79Records found
CVE-2023-38035
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-94.44% / 99.98%
||
7 Day CHG~0.00%
Published-21 Aug, 2023 | 16:51
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-09-12||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

Action-Not Available
Vendor-Ivanti Software
Product-mobileiron_sentryMobileIron Sentrymobileiron_sentrySentry
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-35084
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-1.63% / 81.12%
||
7 Day CHG~0.00%
Published-18 Oct, 2023 | 03:52
Updated-13 Sep, 2024 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely.

Action-Not Available
Vendor-Ivanti Software
Product-endpoint_managerEndpoint Manager
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-22462
Matching Score-8
Assigner-Ivanti
ShareView Details
Matching Score-8
Assigner-Ivanti
CVSS Score-9.8||CRITICAL
EPSS-2.23% / 83.84%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 15:10
Updated-16 Jul, 2025 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.

Action-Not Available
Vendor-Ivanti Software
Product-neurons_for_itsmNeurons for ITSM (on-prem)
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-22457
Matching Score-8
Assigner-Ivanti
ShareView Details
Matching Score-8
Assigner-Ivanti
CVSS Score-9||CRITICAL
EPSS-33.51% / 96.79%
||
7 Day CHG-4.99%
Published-03 Apr, 2025 | 15:20
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-04-11||Apply mitigations as set forth in the CISA instructions linked below.

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

Action-Not Available
Vendor-Ivanti Software
Product-connect_securepolicy_secureneurons_for_zero-trust_accessConnect SecurePolicy SecureNeurons for ZTA gatewaysConnect Secure, Policy Secure, and ZTA Gateways
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35078
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-10||CRITICAL
EPSS-94.48% / 100.00%
||
7 Day CHG~0.00%
Published-25 Jul, 2023 | 06:08
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-08-15||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.

Action-Not Available
Vendor-Ivanti Software
Product-endpoint_manager_mobileEndpoint Manager Mobileendpoint_manager_mobileEndpoint Manager Mobile (EPMM)
CWE ID-CWE-287
Improper Authentication
CVE-2023-32564
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-6.8||MEDIUM
EPSS-27.34% / 96.22%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 19:04
Updated-09 Oct, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalanche
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-32563
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-8.8||HIGH
EPSS-92.48% / 99.73%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 19:04
Updated-13 Feb, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unauthenticated attacker could achieve the code execution through a RemoteControl server.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalanche
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-32560
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-8.8||HIGH
EPSS-91.91% / 99.68%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 19:07
Updated-06 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalanche
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32567
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-6.5||MEDIUM
EPSS-0.37% / 57.87%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 18:58
Updated-09 Oct, 2024 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236

Action-Not Available
Vendor-Ivanti Software
Product-avalancheWavelink
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2023-32562
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-6.8||MEDIUM
EPSS-27.34% / 96.22%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 19:04
Updated-06 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalanche
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-12377
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.26% / 91.88%
||
7 Day CHG~0.00%
Published-03 Jun, 2019 | 19:19
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution.

Action-Not Available
Vendor-n/aIvanti Software
Product-landesk_management_suiten/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-27773
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.43%
||
7 Day CHG~0.00%
Published-05 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges.

Action-Not Available
Vendor-n/aIvanti Software
Product-endpoint_managerIvanti Endpoint Manger
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-7569
Matching Score-8
Assigner-Ivanti
ShareView Details
Matching Score-8
Assigner-Ivanti
CVSS Score-9.6||CRITICAL
EPSS-6.13% / 90.43%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 18:10
Updated-06 Sep, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.

Action-Not Available
Vendor-Ivanti Software
Product-neurons_for_itsmITSMneurons_for_itsm
CWE ID-CWE-215
Insertion of Sensitive Information Into Debugging Code
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2019-11510
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-94.33% / 99.95%
||
7 Day CHG~0.00%
Published-08 May, 2019 | 16:18
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-04-23||Apply updates per vendor instructions.

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .

Action-Not Available
Vendor-n/aIvanti Software
Product-connect_securen/aPulse Connect Secure
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-11543
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-0.18% / 39.74%
||
7 Day CHG~0.00%
Published-26 Apr, 2019 | 01:40
Updated-15 Nov, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.

Action-Not Available
Vendor-n/aIvanti SoftwarePulse Secure
Product-pulse_policy_securepulse_connect_secureconnect_securen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-10651
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-23.33% / 95.74%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 17:31
Updated-04 Aug, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x before 2018.3 SU3, with remote code execution. In other words, the issue affects 2017.3, 2018.1, and 2018.3 installations that lack the April 2019 update.

Action-Not Available
Vendor-n/aIvanti Software
Product-endpoint_managern/a
CVE-2024-47010
Matching Score-8
Assigner-Ivanti
ShareView Details
Matching Score-8
Assigner-Ivanti
CVSS Score-7.3||HIGH
EPSS-27.25% / 96.21%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 16:29
Updated-16 Oct, 2024 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalancheavalanche
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-47009
Matching Score-8
Assigner-Ivanti
ShareView Details
Matching Score-8
Assigner-Ivanti
CVSS Score-7.3||HIGH
EPSS-17.29% / 94.78%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 16:28
Updated-16 Oct, 2024 | 13:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalancheavalanche
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2018-6320
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.24% / 89.58%
||
7 Day CHG~0.00%
Published-06 Sep, 2018 | 23:00
Updated-05 Aug, 2024 | 06:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an http(s) Host header received from the browser is trusted without validation.

Action-Not Available
Vendor-n/aIvanti SoftwarePulse Secure
Product-pulse_policy_securepulse_connect_secureconnect_securen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-20810
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.54% / 80.60%
||
7 Day CHG~0.00%
Published-16 Mar, 2019 | 03:00
Updated-16 Sep, 2024 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices.

Action-Not Available
Vendor-n/aIvanti SoftwarePulse Secure
Product-pulse_policy_secureconnect_securen/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2018-20813
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.84% / 87.72%
||
7 Day CHG~0.00%
Published-16 Mar, 2019 | 03:00
Updated-16 Sep, 2024 | 22:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2.

Action-Not Available
Vendor-n/aIvanti Software
Product-connect_securen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-8191
Matching Score-8
Assigner-Ivanti
ShareView Details
Matching Score-8
Assigner-Ivanti
CVSS Score-7.8||HIGH
EPSS-9.04% / 92.30%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 20:50
Updated-12 Sep, 2024 | 21:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.

Action-Not Available
Vendor-Ivanti Software
Product-endpoint_managerEndpoint Managerendpoint_manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-42128
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-21.35% / 95.48%
||
7 Day CHG~0.00%
Published-07 Dec, 2021 | 13:13
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service.

Action-Not Available
Vendor-n/aIvanti Software
Product-avalancheIvanti Avalanche
CWE ID-CWE-749
Exposed Dangerous Method or Function
CVE-2024-7593
Matching Score-8
Assigner-Ivanti
ShareView Details
Matching Score-8
Assigner-Ivanti
CVSS Score-9.8||CRITICAL
EPSS-94.42% / 99.98%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 18:17
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-10-15||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

Action-Not Available
Vendor-Ivanti Software
Product-virtual_traffic_managementvTMvirtual_traffic_managerVirtual Traffic Manager
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CVE-2024-29204
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-3.88% / 87.78%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 01:10
Updated-06 May, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalancheavalanche
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-36975
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-9.1||CRITICAL
EPSS-2.07% / 83.21%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15332.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalanche
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-36978
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-9.8||CRITICAL
EPSS-23.43% / 95.75%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Notification Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15448.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalanche
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-36981
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-31.60% / 96.63%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DeviceLogResource class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15966.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalanche
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-50330
Matching Score-8
Assigner-Ivanti
ShareView Details
Matching Score-8
Assigner-Ivanti
CVSS Score-9.8||CRITICAL
EPSS-23.95% / 95.81%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 15:42
Updated-19 Nov, 2024 | 04:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution.

Action-Not Available
Vendor-Ivanti Software
Product-Endpoint Managerendpoint_manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • Next
Details not found