SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution.
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution.
In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role.
By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.
By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.
A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a malicious crafted web request.
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .
Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.
Path traversal in Ivanti Endpoint Manager before version 2024 SU4 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting.
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface.
A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure.
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete specific type of files and/or cause denial of service.
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DeviceLogResource class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15966.
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
Path traversal in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to write data in unintended locations on disk.
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion.
Ivanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability. The application fails to properly sanitize file names, resulting in a path traversal-affiliated vulnerability. This potentially enables other malicious apps on the device to read sensitive information stored in the app root.
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AgentTaskHandler class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored session cookies, leading to further compromise. Was ZDI-CAN-15967.
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service.
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010.
An unauthenticated attacker could achieve the code execution through a RemoteControl server.
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011.
Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component.