Ivanti Security Vulnerabilities (CVEs)
Track 227 security vulnerabilities affecting Ivanti products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
A heap overflow vulnerability in the WLAvalancheService component of Ivanti Avalanche allows remote unauthenticated attackers to execute arbitrary com...
Apr 19, 2024This is a critical heap overflow vulnerability in Ivanti Avalanche's WLInfoRailService component that allows unauthenticated remote attackers to execu...
Apr 19, 2024This path traversal vulnerability in Ivanti Avalanche allows authenticated remote attackers to execute arbitrary commands with SYSTEM privileges. It a...
Apr 19, 2024This path traversal vulnerability in Ivanti Avalanche's web component allows authenticated remote attackers to execute arbitrary commands with SYSTEM ...
Apr 19, 2024This vulnerability allows authenticated remote attackers to upload malicious files to Ivanti Avalanche web components, leading to arbitrary command ex...
Apr 19, 2024This path traversal vulnerability in Ivanti Avalanche allows authenticated remote attackers to execute arbitrary commands with SYSTEM privileges. It a...
Apr 19, 2024This path traversal vulnerability in Ivanti Avalanche allows authenticated remote attackers to execute arbitrary commands with SYSTEM privileges. It a...
Apr 19, 2024An out-of-bounds read vulnerability in Ivanti Avalanche's WLAvalancheService component allows unauthenticated remote attackers to read sensitive infor...
Apr 19, 2024An unauthenticated remote attacker can exploit an out-of-bounds read vulnerability in Ivanti Avalanche's WLAvalancheService component to read sensitiv...
Apr 19, 2024An authenticated remote attacker can exploit an out-of-bounds read vulnerability in the WLAvalancheService component of Ivanti Avalanche to cause deni...
Apr 19, 2024A heap overflow vulnerability in the WLInfoRailService component of Ivanti Avalanche allows remote unauthenticated attackers to execute arbitrary comm...
Apr 19, 2024A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure and Policy Secure gateways allows unauthenticated attackers to send spec...
Apr 4, 2024A null pointer dereference vulnerability in the IPSec component of Ivanti Connect Secure and Policy Secure gateways allows unauthenticated attackers t...
Apr 4, 2024This vulnerability allows authenticated remote attackers to write arbitrary files to Ivanti ITSM servers. Successful exploitation could lead to remote...
Mar 31, 2024This XXE vulnerability in Ivanti's SAML implementation allows attackers to access restricted resources without authentication by processing malicious ...
Feb 13, 2024This vulnerability allows authenticated users of Ivanti Connect Secure and Ivanti Policy Secure to escalate their privileges to administrator level. I...
Jan 31, 2024This is a command injection vulnerability in Ivanti Connect Secure and Policy Secure gateways that allows authenticated administrators to execute arbi...
Jan 12, 2024This critical vulnerability in the Mobile Device Server allows attackers to send specially crafted data packets that cause memory corruption, potentia...
Dec 19, 2023This vulnerability allows attackers to upload malicious files to Avalanche systems, leading to remote code execution. It affects Avalanche versions 6....
Dec 19, 2023This critical vulnerability allows unauthenticated attackers to exploit an XML External Entity (XXE) vulnerability in the Smart Device Server, potenti...
Dec 19, 2023This vulnerability allows attackers to send specially crafted data packets to the Mobile Device Server, causing memory corruption that can lead to Den...
Dec 19, 2023This critical vulnerability in the Mobile Device Server allows attackers to send specially crafted packets that cause memory corruption, potentially l...
Dec 19, 2023This critical vulnerability in Mobile Device Server allows remote attackers to send specially crafted packets that cause memory corruption, potentiall...
Dec 19, 2023CVE-2023-46259 is a critical memory corruption vulnerability in the Mobile Device Server component of Ivanti Avalanche. Attackers can send specially c...
Dec 19, 2023CVE-2023-46216 is a critical memory corruption vulnerability in the Mobile Device Server component of Ivanti Avalanche. Attackers can send specially c...
Dec 19, 2023This critical vulnerability in the Mobile Device Server allows attackers to send specially crafted packets that cause memory corruption, potentially l...
Dec 19, 2023This critical vulnerability in the Mobile Device Server allows attackers to send specially crafted packets that cause memory corruption, potentially l...
Dec 19, 2023This critical vulnerability in the Mobile Device Server allows attackers to send specially crafted packets that cause memory corruption, potentially l...
Dec 19, 2023CVE-2021-22962 is a vulnerability in Ivanti Avalanche that allows attackers to send specially crafted requests leading to sensitive data leakage or re...
Dec 19, 2023This vulnerability in Ivanti Connect Secure allows attackers to send specific requests that can cause a Denial of Service (DoS), potentially making th...
Dec 16, 2023This vulnerability allows an attacker impersonating an administrator to craft a specific web request that may lead to remote code execution on Ivanti ...
Dec 14, 2023This vulnerability allows unauthenticated attackers to impersonate any existing user during device enrollment in Ivanti EPMM (formerly MobileIron Core...
Nov 15, 2023This vulnerability in Ivanti Secure Access Client allows attackers with control over a specific file to escalate privileges on affected systems. It af...
Nov 15, 2023This vulnerability in Ivanti Secure Access Client allows locally authenticated attackers to exploit a misconfiguration, potentially causing denial of ...
Nov 15, 2023CVE-2023-41726 is a local privilege escalation vulnerability in Ivanti Avalanche caused by incorrect default permissions. An authenticated local attac...
Nov 3, 2023CVE-2022-43554 is a local privilege escalation vulnerability in Ivanti Avalanche Smart Device Service where missing authentication allows local attack...
Nov 3, 2023This vulnerability allows a locally authenticated attacker with low privileges to bypass authentication mechanisms through insecure inter-process comm...
Nov 3, 2023CVE-2023-38041 is a privilege escalation vulnerability in Ivanti software where authenticated users can exploit a Time-of-Check to Time-of-Use (TOCTOU...
Oct 25, 2023CVE-2023-35084 is a critical remote code execution vulnerability in Ivanti Endpoint Manager (formerly LANDesk Management Suite) caused by unsafe deser...
Oct 18, 2023This XXE vulnerability in Ivanti Endpoint Manager's CSEP component allows attackers to read arbitrary files or perform SSRF attacks by exploiting impr...
Sep 21, 2023This vulnerability allows attackers to bypass authentication on the Ivanti MobileIron Sentry administrative interface due to an overly permissive Apac...
Aug 21, 2023CVE-2023-35082 is an authentication bypass vulnerability in Ivanti EPMM (formerly MobileIron Core) that allows remote unauthenticated attackers to acc...
Aug 15, 2023This vulnerability in Wavelink Avalanche Manager allows an attacker to send a specially crafted message, potentially leading to service disruption or ...
Aug 10, 2023This vulnerability allows attackers to upload malicious files to Avalanche systems, leading to remote code execution. It affects all Avalanche version...
Aug 10, 2023This vulnerability allows attackers to upload malicious files to Avalanche systems, leading to remote code execution. It affects Ivanti Avalanche vers...
Aug 10, 2023This vulnerability allows a local low-privileged user account to execute arbitrary operating system commands with the privileges of the DSM software i...
Aug 10, 2023CVE-2023-32566 is a vulnerability in Ivanti Avalanche that allows attackers to send specially crafted requests leading to sensitive data leakage or re...
Aug 10, 2023CVE-2023-35078 is an authentication bypass vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that allows unauthenticated attackers to access admi...
Jul 25, 2023CVE-2023-28324 is an improper input validation vulnerability in Ivanti Endpoint Manager that could allow attackers to escalate privileges or execute a...
Jul 1, 2023This path traversal vulnerability in Ivanti Avalanche allows attackers to access arbitrary files on the server by manipulating file path parameters. I...
May 9, 2023Why Monitor Ivanti Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 227+ known vulnerabilities affecting Ivanti products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Ivanti packages in under 60 seconds. No agents required - completely agentless scanning that works across Ivanti deployments.
Free vulnerability database: Access detailed information about every Ivanti CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Ivanti CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
