Ivanti Security Vulnerabilities (CVEs)

Track 226 security vulnerabilities affecting Ivanti products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

64 Critical

128 High

34 Medium

Sort by:

🔔 Get Alerts for Ivanti

CVE-2025-22457 9.0

A stack-based buffer overflow vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways allows remote unauthenticated attackers to execu...

Apr 3, 2025

CVE-2025-22454 7.8

This CVE describes a local privilege escalation vulnerability in Ivanti Secure Access Client where insufficient permissions allow authenticated local ...

Mar 11, 2025

CVE-2024-38657 4.9

This vulnerability allows remote authenticated attackers with admin privileges to write arbitrary files by controlling file names in Ivanti Connect Se...

Feb 21, 2025

CVE-2024-47908 9.1

This vulnerability allows authenticated administrators in Ivanti Cloud Services Application (CSA) to execute arbitrary operating system commands throu...

Feb 11, 2025

CVE-2024-13813 7.1

CVE-2024-13813 is an insufficient permissions vulnerability in Ivanti Secure Access Client that allows local authenticated attackers to delete arbitra...

Feb 11, 2025

CVE-2024-13830 6.1

This reflected cross-site scripting (XSS) vulnerability in Ivanti Connect Secure and Policy Secure allows remote unauthenticated attackers to execute ...

Feb 11, 2025

CVE-2024-13843 6.0

This vulnerability allows local authenticated administrators on Ivanti Connect Secure and Policy Secure systems to read sensitive data stored in clear...

Feb 11, 2025

CVE-2024-10644 9.1

This vulnerability allows remote authenticated administrators to inject malicious code into Ivanti Connect Secure and Policy Secure systems, leading t...

Feb 11, 2025

CVE-2024-12058 6.8

This vulnerability allows remote authenticated attackers with admin privileges to read arbitrary files on Ivanti Connect Secure and Policy Secure appl...

Feb 11, 2025

CVE-2024-13172 7.8

This vulnerability allows remote unauthenticated attackers to execute arbitrary code on Ivanti Endpoint Manager (EPM) systems by exploiting improper s...

Jan 14, 2025

CVE-2024-13168 7.5

An out-of-bounds write vulnerability in Ivanti Endpoint Manager (EPM) allows remote unauthenticated attackers to cause denial of service by crashing t...

Jan 14, 2025

CVE-2024-13169 7.8

This vulnerability allows a local authenticated attacker to perform an out-of-bounds read in Ivanti Endpoint Manager (EPM), potentially leading to pri...

Jan 14, 2025

CVE-2024-13170 7.5

This vulnerability allows remote unauthenticated attackers to cause denial of service through an out-of-bounds write in Ivanti EPM. It affects Ivanti ...

Jan 14, 2025

CVE-2024-13171 7.8

This vulnerability allows remote unauthenticated attackers to execute arbitrary code on Ivanti Endpoint Manager (EPM) systems by exploiting insufficie...

Jan 14, 2025

CVE-2024-13163 7.8

This vulnerability allows remote unauthenticated attackers to execute arbitrary code on Ivanti Endpoint Manager (EPM) systems through deserialization ...

Jan 14, 2025

CVE-2024-13164 7.8

An uninitialized resource vulnerability in Ivanti Endpoint Manager (EPM) allows local authenticated attackers to escalate privileges. This affects Iva...

Jan 14, 2025

CVE-2024-13165 7.5

An out-of-bounds write vulnerability in Ivanti Endpoint Manager (EPM) allows remote unauthenticated attackers to cause denial of service by crashing t...

Jan 14, 2025

CVE-2024-13166 7.5

An out-of-bounds write vulnerability in Ivanti Endpoint Manager (EPM) allows remote unauthenticated attackers to cause denial of service by crashing t...

Jan 14, 2025

CVE-2024-13167 7.5

An out-of-bounds write vulnerability in Ivanti Endpoint Manager (EPM) allows remote unauthenticated attackers to cause denial of service by crashing t...

Jan 14, 2025

CVE-2024-13158 7.2

This vulnerability allows remote authenticated attackers with admin privileges to execute arbitrary code on Ivanti EPM systems by exploiting an unboun...

Jan 14, 2025

CVE-2024-13159 9.8

CVE-2024-13159 is an absolute path traversal vulnerability in Ivanti Endpoint Manager (EPM) that allows remote unauthenticated attackers to access sen...

Jan 14, 2025

CVE-2024-13161 9.8

This vulnerability allows remote unauthenticated attackers to perform absolute path traversal attacks on Ivanti Endpoint Manager (EPM) systems, potent...

Jan 14, 2025

CVE-2024-10811 9.8

This vulnerability allows remote unauthenticated attackers to perform absolute path traversal attacks on Ivanti Endpoint Manager (EPM) systems, potent...

Jan 14, 2025

CVE-2024-13180 7.5

CVE-2024-13180 is a path traversal vulnerability in Ivanti Avalanche that allows remote unauthenticated attackers to access sensitive files and inform...

Jan 14, 2025

CVE-2024-13181 7.3

CVE-2024-13181 is a path traversal vulnerability in Ivanti Avalanche that allows remote unauthenticated attackers to bypass authentication mechanisms....

Jan 14, 2025

CVE-2024-10630 7.8

A race condition vulnerability in Ivanti Application Control Engine allows authenticated local attackers to bypass application blocking controls. This...

Jan 14, 2025

CVE-2025-0282 9.0

A stack-based buffer overflow vulnerability in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways allows remote unauthenticated attack...

Jan 8, 2025

CVE-2024-37401 7.5

An out-of-bounds read vulnerability in the IPsec implementation of Ivanti Connect Secure allows remote unauthenticated attackers to cause denial of se...

Dec 12, 2024

CVE-2024-9845 7.8

This vulnerability allows a local authenticated attacker to escalate privileges on systems running vulnerable versions of Ivanti Automation. Attackers...

Dec 11, 2024

CVE-2024-11597 7.8

This vulnerability allows a local authenticated attacker to escalate privileges on Ivanti Performance Manager systems due to insecure permissions. Att...

Dec 11, 2024

CVE-2024-7572 7.1

This vulnerability in Ivanti DSM allows local authenticated users to delete arbitrary files due to insufficient permissions. It affects organizations ...

Dec 10, 2024

CVE-2024-9844 7.1

This vulnerability allows authenticated remote attackers to bypass security restrictions in Ivanti Connect Secure's Secure Application Manager. It aff...

Dec 10, 2024

CVE-2024-11633 9.1

This CVE describes an argument injection vulnerability in Ivanti Connect Secure that allows authenticated administrators to execute arbitrary code rem...

Dec 10, 2024

CVE-2024-11639 10.0

This critical vulnerability allows remote unauthenticated attackers to bypass authentication in Ivanti CSA's admin web console, granting them full adm...

Dec 10, 2024

CVE-2024-11773 9.1

This SQL injection vulnerability in Ivanti CSA's admin web console allows authenticated administrators to execute arbitrary SQL statements. Attackers ...

Dec 10, 2024

CVE-2024-39710 9.1

This vulnerability allows authenticated administrators to inject malicious arguments into Ivanti Connect Secure and Policy Secure systems, leading to ...

Nov 13, 2024

CVE-2024-39712 9.1

This vulnerability allows authenticated administrators to inject malicious arguments into Ivanti Connect Secure and Policy Secure systems, leading to ...

Nov 13, 2024

CVE-2024-37398 7.8

This vulnerability in Ivanti Secure Access Client allows local authenticated users to escalate their privileges due to insufficient validation. Attack...

Nov 13, 2024

CVE-2024-38649 7.5

This vulnerability allows remote unauthenticated attackers to trigger an out-of-bounds write in the IPsec component of Ivanti Connect Secure, potentia...

Nov 13, 2024

CVE-2024-38655 7.2

This vulnerability allows remote authenticated attackers with admin privileges to execute arbitrary code on Ivanti Connect Secure and Policy Secure ga...

Nov 13, 2024

CVE-2024-38656 9.1

This vulnerability allows remote authenticated attackers with admin privileges to execute arbitrary code on Ivanti Connect Secure and Policy Secure ga...

Nov 13, 2024

CVE-2024-34780 7.2

This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated administrators to execute arbitrary SQL commands, potentially leading...

Nov 13, 2024

CVE-2024-34782 7.2

This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated administrators to execute arbitrary SQL commands, potentially leading...

Nov 13, 2024

CVE-2024-34787 7.8

This CVE describes a path traversal vulnerability in Ivanti Endpoint Manager that allows a local unauthenticated attacker to execute arbitrary code. U...

Nov 13, 2024

CVE-2024-29211 4.7

A race condition vulnerability in Ivanti Secure Access Client allows local authenticated attackers to modify sensitive configuration files. This could...

Nov 13, 2024

CVE-2024-32839 7.2

This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated administrators to execute arbitrary SQL commands, potentially leading...

Nov 13, 2024

CVE-2024-32844 7.2

This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated administrators to execute arbitrary SQL commands, potentially leading...

Nov 13, 2024

CVE-2024-9842 7.3

This vulnerability in Ivanti Secure Access Client allows local authenticated attackers to create arbitrary folders due to incorrect permissions. This ...

Nov 12, 2024

CVE-2024-7571 7.8

This vulnerability in Ivanti Secure Access Client allows a local authenticated attacker to escalate privileges due to incorrect file permissions. It a...

Nov 12, 2024

CVE-2024-11005 9.1

This CVE describes a command injection vulnerability in Ivanti Connect Secure and Policy Secure that allows authenticated administrators to execute ar...

Nov 12, 2024

← Previous Page 2 of 5 Next →

Why Monitor Ivanti Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 226+ known vulnerabilities affecting Ivanti products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Ivanti packages in under 60 seconds. No agents required - completely agentless scanning that works across Ivanti deployments.

Free vulnerability database: Access detailed information about every Ivanti CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

Register free account & add your servers
Run one-time scan or schedule automatic monitoring (every 1-24 hours)
Receive instant alerts when new Ivanti CVEs affect your systems
Access dashboard with severity breakdown & fix instructions

Start Monitoring Ivanti CVEs Free