Ivanti Security Vulnerabilities (CVEs)

Track 226 security vulnerabilities affecting Ivanti products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

64 Critical
128 High
34 Medium
CVE-2024-9420 8.8

A use-after-free vulnerability in Ivanti Connect Secure and Policy Secure allows authenticated remote attackers to execute arbitrary code on affected ...

Nov 12, 2024
CVE-2024-50328 7.2

This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated administrators to execute arbitrary SQL commands, potentially leading...

Nov 12, 2024
CVE-2024-50330 9.8

This critical SQL injection vulnerability in Ivanti Endpoint Manager allows remote unauthenticated attackers to execute arbitrary SQL commands, potent...

Nov 12, 2024
CVE-2024-50321 7.5

An infinite loop vulnerability in Ivanti Avalanche allows remote unauthenticated attackers to cause denial of service by crashing the service. This af...

Nov 12, 2024
CVE-2024-50323 7.8

This CVE describes a SQL injection vulnerability in Ivanti Endpoint Manager that allows a local unauthenticated attacker to execute arbitrary code. Us...

Nov 12, 2024
CVE-2024-50326 7.2

This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated administrators to execute arbitrary SQL commands, potentially leading...

Nov 12, 2024
CVE-2024-47909 4.9

A stack-based buffer overflow vulnerability in Ivanti Connect Secure and Policy Secure allows remote authenticated administrators to cause denial of s...

Nov 12, 2024
CVE-2024-50317 7.5

A null pointer dereference vulnerability in Ivanti Avalanche allows remote unauthenticated attackers to crash the service, causing denial of service. ...

Nov 12, 2024
CVE-2024-50319 7.5

CVE-2024-50319 is an infinite loop vulnerability in Ivanti Avalanche that allows remote unauthenticated attackers to cause denial of service by crashi...

Nov 12, 2024
CVE-2024-47906 7.8

This vulnerability allows local authenticated attackers to escalate privileges on Ivanti Connect Secure and Policy Secure appliances. Attackers with e...

Nov 12, 2024
CVE-2024-11007 9.1

This CVE describes a command injection vulnerability in Ivanti Connect Secure and Ivanti Policy Secure that allows authenticated administrators to exe...

Nov 12, 2024
CVE-2024-29821 7.8

This vulnerability in Ivanti DSM allows authenticated local users to execute arbitrary code with elevated privileges due to insecure access control li...

Oct 18, 2024
CVE-2024-9379 6.5

This SQL injection vulnerability in Ivanti CSA's admin web console allows authenticated administrators to execute arbitrary SQL statements. It affects...

Oct 8, 2024
CVE-2024-9380 7.2

This CVE describes an OS command injection vulnerability in Ivanti CSA's admin web console that allows authenticated administrators to execute arbitra...

Oct 8, 2024
CVE-2024-47010 7.3

CVE-2024-47010 is a path traversal vulnerability in Ivanti Avalanche that allows remote unauthenticated attackers to bypass authentication mechanisms....

Oct 8, 2024
CVE-2024-7612 8.8

This vulnerability allows local authenticated attackers to modify sensitive components in Ivanti EPMM due to insecure permissions. Organizations runni...

Oct 8, 2024
CVE-2024-47008 7.5

This Server-Side Request Forgery (SSRF) vulnerability in Ivanti Avalanche allows remote unauthenticated attackers to make the server send requests to ...

Oct 8, 2024
CVE-2024-8963 9.4

This is a path traversal vulnerability in Ivanti CSA (Cloud Services Appliance) that allows remote unauthenticated attackers to bypass security restri...

Sep 19, 2024
CVE-2024-32848 7.2

This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated administrators to execute arbitrary SQL commands, potentially leading...

Sep 12, 2024
CVE-2024-34783 7.2

This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated administrators to execute arbitrary SQL commands, potentially leading...

Sep 12, 2024
CVE-2024-37397 8.2

An unauthenticated attacker can exploit an XML External Entity (XXE) vulnerability in Ivanti EPM's provisioning web service to read sensitive files, i...

Sep 12, 2024
CVE-2024-29847 9.8

This critical vulnerability allows remote unauthenticated attackers to execute arbitrary code on Ivanti EPM systems by exploiting insecure deserializa...

Sep 12, 2024
CVE-2024-32842 7.2

This is an SQL injection vulnerability in Ivanti Endpoint Manager (EPM) that allows authenticated administrators to execute arbitrary SQL commands, po...

Sep 12, 2024
CVE-2024-32845 7.2

This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated administrators to execute arbitrary SQL commands, potentially leading...

Sep 12, 2024
CVE-2024-8320 5.3

This vulnerability allows remote unauthenticated attackers to spoof the Network Isolation status of managed devices in Ivanti EPM. Attackers can make ...

Sep 10, 2024
CVE-2024-8322 4.3

This vulnerability allows remote authenticated attackers to bypass authentication controls in Ivanti Endpoint Manager (EPM) and access restricted func...

Sep 10, 2024
CVE-2024-44107 8.8

This vulnerability allows local authenticated attackers to perform DLL hijacking in Ivanti Workspace Control's management console, enabling privilege ...

Sep 10, 2024
CVE-2024-8190 7.2

An OS command injection vulnerability in Ivanti Cloud Services Appliance allows authenticated attackers with admin privileges to execute arbitrary com...

Sep 10, 2024
CVE-2024-44103 8.8

This vulnerability allows a local authenticated attacker to perform DLL hijacking in Ivanti Workspace Control's management console, enabling privilege...

Sep 10, 2024
CVE-2024-44105 8.2

This vulnerability allows a local authenticated attacker to intercept OS credentials transmitted in cleartext within the Ivanti Workspace Control mana...

Sep 10, 2024
CVE-2024-38652 9.1

This vulnerability allows remote unauthenticated attackers to delete arbitrary files on Ivanti Avalanche servers through path traversal in the skin ma...

Aug 14, 2024
CVE-2024-36136 7.5

An off-by-one error in WLInfoRailService in Ivanti Avalanche allows remote unauthenticated attackers to crash the service, causing denial of service. ...

Aug 14, 2024
CVE-2024-37399 7.5

This vulnerability allows remote unauthenticated attackers to cause a denial of service (DoS) by crashing the WLAvalancheService in Ivanti Avalanche. ...

Aug 14, 2024
CVE-2024-7569 9.6

An unauthenticated attacker can obtain OIDC client secrets from debug information in Ivanti ITSM on-prem and Neurons for ITSM. This allows potential a...

Aug 13, 2024
CVE-2024-7593 9.8

This vulnerability allows remote unauthenticated attackers to bypass authentication on Ivanti vTM admin panels. Attackers can gain administrative acce...

Aug 13, 2024
CVE-2024-36132 7.5

This authentication bypass vulnerability in Ivanti EPMM allows remote attackers to access sensitive resources without proper credentials. It affects I...

Aug 7, 2024
CVE-2024-36130 9.8

This vulnerability allows an unauthorized attacker on the same network to bypass authentication in Ivanti EPMM's web component and execute arbitrary c...

Aug 7, 2024
CVE-2024-29830 8.0

This SQL injection vulnerability in Ivanti EPM Core server allows authenticated attackers on the same network to execute arbitrary SQL commands, poten...

May 31, 2024
CVE-2024-29848 7.2

This vulnerability allows authenticated privileged users in Ivanti Avalanche to upload arbitrary files, leading to remote code execution with SYSTEM p...

May 31, 2024
CVE-2024-29824 8.8

An unauthenticated SQL injection vulnerability in Ivanti EPM Core server allows attackers on the same network to execute arbitrary code. This affects ...

May 31, 2024
CVE-2024-29826 8.8

An unauthenticated SQL injection vulnerability in Ivanti EPM Core server allows attackers on the same network to execute arbitrary code. This affects ...

May 31, 2024
CVE-2024-29828 8.0

An authenticated SQL injection vulnerability in Ivanti EPM Core server allows attackers on the same network to execute arbitrary code. This affects Iv...

May 31, 2024
CVE-2024-22058 7.8

This vulnerability allows a low-privilege local user with the Ivanti EPM Agent installed to exploit a buffer overflow and execute arbitrary code with ...

May 31, 2024
CVE-2024-22060 4.9

This vulnerability allows authenticated high-privileged users in Ivanti Neurons for ITSM to upload arbitrary files to sensitive server directories. At...

May 31, 2024
CVE-2024-29822 8.8

An unauthenticated SQL injection vulnerability in Ivanti EPM Core server allows attackers on the same network to execute arbitrary code. This affects ...

May 31, 2024
CVE-2023-38042 7.8

This CVE describes a local privilege escalation vulnerability in Ivanti Secure Access Client for Windows. It allows authenticated low-privileged users...

May 31, 2024
CVE-2023-46810 7.3

This CVE describes a local privilege escalation vulnerability in Ivanti Secure Access Client for Linux that allows authenticated low-privileged users ...

May 31, 2024
CVE-2023-46807 6.7

An SQL injection vulnerability in Ivanti EPMM's web component allows authenticated users with appropriate privileges to access or modify database data...

May 22, 2024
CVE-2024-27976 8.8

This path traversal vulnerability in Ivanti Avalanche's web component allows authenticated remote attackers to execute arbitrary commands with SYSTEM ...

Apr 19, 2024
CVE-2024-27984 7.1

This path traversal vulnerability in Ivanti Avalanche's web component allows authenticated remote attackers to delete specific files or cause denial o...

Apr 19, 2024

Why Monitor Ivanti Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 226+ known vulnerabilities affecting Ivanti products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Ivanti packages in under 60 seconds. Scanning is agentless, so no agents are required, and it works across Ivanti deployments.

Free vulnerability database: Access detailed information about every Ivanti CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register a free account & add your servers
  • Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Ivanti CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions