Version 0

CVE-2024-38656

Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CRITICAL CVSS 9.1 Published Nov 13, 2024

CVE-2024-8320

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.

MEDIUM CVSS 5.3 Published Sep 10, 2024

CVE-2024-44106

Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.

HIGH CVSS 8.8 Published Sep 10, 2024

CVE-2024-44105

Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials.

HIGH CVSS 8.2 Published Sep 10, 2024

CVE-2024-44104

An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.

HIGH CVSS 8.8 Published Sep 10, 2024

CVE-2024-44103

DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.

HIGH CVSS 8.8 Published Sep 10, 2024

CVE-2022-44569

A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.

HIGH CVSS 8.8 Published Nov 03, 2023