Filtered by vendor Ivanti
Subscriptions
Filtered by product Automation
Subscriptions
Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-9845 | 1 Ivanti | 1 Automation | 2024-12-19 | 7.8 High |
Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation. | ||||
CVE-2024-38656 | 1 Ivanti | 2 Automation, Connect Secure | 2024-12-01 | 9.1 Critical |
Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
CVE-2022-44569 | 1 Ivanti | 1 Automation | 2024-11-21 | 7.8 High |
A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication. | ||||
CVE-2024-44106 | 1 Ivanti | 2 Automation, Workspace Control | 2024-09-18 | 8.8 High |
Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | ||||
CVE-2024-44105 | 1 Ivanti | 2 Automation, Workspace Control | 2024-09-18 | 8.2 High |
Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials. | ||||
CVE-2024-44104 | 1 Ivanti | 2 Automation, Workspace Control | 2024-09-18 | 8.8 High |
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | ||||
CVE-2024-44103 | 1 Ivanti | 2 Automation, Workspace Control | 2024-09-18 | 8.8 High |
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | ||||
CVE-2024-8320 | 1 Ivanti | 2 Automation, Endpoint Manager | 2024-09-13 | 5.3 Medium |
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices. |
Page 1 of 1.