Ivanti Security Vulnerabilities (CVEs)
Track 227 security vulnerabilities affecting Ivanti products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability in Ivanti Avalanche allows authenticated remote attackers to bypass authentication and execute arbitrary code via insecure deserial...
Mar 29, 2023CVE-2022-36976 is a critical SQL injection vulnerability in Ivanti Avalanche that allows remote attackers to bypass authentication. The flaw exists in...
Mar 29, 2023This vulnerability allows remote attackers to execute arbitrary code on Ivanti Avalanche systems by bypassing authentication and exploiting insecure d...
Mar 29, 2023This authentication bypass vulnerability in Ivanti Avalanche allows remote attackers to gain unauthorized access to the EnterpriseServer service. Atta...
Mar 29, 2023This is a critical path traversal vulnerability in Ivanti Avalanche that allows authenticated attackers to bypass authentication mechanisms and execut...
Mar 29, 2023This critical authentication bypass vulnerability in Ivanti Avalanche allows remote attackers to gain unauthorized access without credentials. The fla...
Mar 29, 2023This vulnerability in Ivanti Avalanche allows authenticated remote attackers to bypass authentication mechanisms and execute arbitrary code via insecu...
Mar 29, 2023CVE-2022-36972 is a critical SQL injection vulnerability in Ivanti Avalanche that allows remote attackers to bypass authentication. The flaw exists in...
Mar 29, 2023This vulnerability allows a non-admin user with user management permissions to escalate privileges to admin via the password reset functionality in In...
Apr 11, 2022CVE-2021-30497 is an absolute path traversal vulnerability in Ivanti Avalanche (Premise) that allows unauthenticated remote attackers to read arbitrar...
Apr 6, 2022This vulnerability allows authenticated users with high privilege access to the Incapptic Connect web console to remotely execute arbitrary code on th...
Mar 4, 2022This is a critical remote code execution vulnerability in Ivanti Cloud Services Appliance (CSA) that allows unauthenticated attackers to execute arbit...
Dec 8, 2021This vulnerability allows an attacker with access to the Inforail Service in Ivanti Avalanche to perform session takeover, potentially gaining unautho...
Dec 7, 2021This vulnerability allows an attacker with access to the Inforail Service in Ivanti Avalanche to escalate privileges, potentially gaining administrati...
Dec 7, 2021This vulnerability allows remote attackers to execute arbitrary code on Ivanti Avalanche systems by sending maliciously crafted data to the Data Repos...
Dec 7, 2021This command injection vulnerability in Ivanti Avalanche allows attackers with access to the Inforail Service to execute arbitrary commands on the sys...
Dec 7, 2021This SQL injection vulnerability in Ivanti Avalanche allows attackers with access to the Inforail Service to execute arbitrary SQL commands, potential...
Dec 7, 2021This vulnerability in Ivanti Avalanche allows attackers with access to the Inforail Service to write arbitrary files to the system. This could lead to...
Dec 7, 2021An unauthenticated administrator can cause denial of service on Pulse Connect Secure devices by sending malformed requests. This affects Pulse Connect...
Nov 19, 2021This vulnerability allows an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buff...
Aug 16, 2021This vulnerability allows authenticated administrators on Pulse Connect Secure appliances to write arbitrary files by uploading a maliciously crafted ...
Aug 16, 2021A buffer overflow vulnerability in Pulse Connect Secure's Windows File Resource Profiles allows authenticated users with SMB share browsing privileges...
May 27, 2021This is a critical buffer overflow vulnerability in Pulse Connect Secure VPN appliances that allows remote authenticated attackers to execute arbitrar...
May 27, 2021This vulnerability in Pulse Connect Secure allows authenticated administrators to upload malicious archives that can write arbitrary files to the syst...
May 27, 2021CVE-2021-22893 is an authentication bypass vulnerability in Pulse Connect Secure that allows unauthenticated attackers to execute arbitrary code on th...
Apr 23, 2021This vulnerability allows authenticated attackers to upload malicious ASPX files to Ivanti Endpoint Manager servers, leading to remote code execution....
Nov 12, 2020This vulnerability allows remote attackers to cause a Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 by exploiting a buffer...
Aug 6, 2020Why Monitor Ivanti Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 227+ known vulnerabilities affecting Ivanti products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Ivanti packages in under 60 seconds. No agents required - completely agentless scanning that works across Ivanti deployments.
Free vulnerability database: Access detailed information about every Ivanti CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Ivanti CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
