CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-38560
https://notcve.org/view.php?id=CVE-2021-38560
Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx. Ivanti Service Manager versión 2021.1, permite un ataque de tipo XSS reflejado por medio del parámetro appName asociado a las llamadas de ConfigDB, como en RelocateAttachments.aspx • https://github.com/os909/iVANTI-CVE-2021-38560 https://forums.ivanti.com/s/article/Ivanti-Service-Manager-Asset-Manager-2021-1-Release-Notes?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-21823
https://notcve.org/view.php?id=CVE-2022-21823
A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2 (10.7.30.0) that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector. Se presenta una vulnerabilidad de almacenamiento no seguro de información confidencial en Ivanti Workspace Control versiones anteriores a 2021.2 (10.7.30.0) que podría permitir a un atacante con privilegios bajos autenticados localmente conseguir información clave debido a un vector de ataque no especificado • https://forums.ivanti.com/s/article/A-locally-authenticated-user-with-low-privileges-can-obtain-key-information-due-to-an-unspecified-attack-vector?language=en_US • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19138
https://notcve.org/view.php?id=CVE-2019-19138
Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity. Ivanti Workspace Control versiones anteriores a 10.4.50.0, permite a atacantes degradar la integridad • https://forums.ivanti.com/s/article/Enhanced-Security-Update-IWC-components https://forums.ivanti.com/s/article/Security-Alert-Ivanti-RES-Workspace-Manager-November-2019 •
CVSS: 9.8EPSS: 97%CPEs: 2EXPL: 5CVE-2021-44529 – Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-44529
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). Una vulnerabilidad de inyección de código en Ivanti EPM Cloud Services Appliance (CSA) permite a un usuario no autenticado ejecutar código arbitrario con permisos limitados (nobody) Ivanti Endpoint Manager CSA versions 4.5 and 4.6 suffer from an unauthenticated remote code execution vulnerability. Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody). • https://www.exploit-db.com/exploits/50833 https://github.com/jax7sec/CVE-2021-44529 https://github.com/jkana/CVE-2021-44529 http://packetstormsecurity.com/files/166383/Ivanti-Endpoint-Manager-CSA-4.5-4.6-Remote-Code-Execution.html http://packetstormsecurity.com/files/170590/Ivanti-Cloud-Services-Appliance-CSA-Command-Injection.html https://forums.ivanti.com/s/article/SA-2021-12-02 https://attackerkb.com/topics/XTKrwlZd7p/cve-2021-44529 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2021-22965
https://notcve.org/view.php?id=CVE-2021-22965
A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device. Una vulnerabilidad en Pulse Connect Secure versiones anteriores a 9.1R12.1, podría permitir a un administrador no autenticado causar una denegación de servicio cuando es enviada una petición malformada al dispositivo • https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44879/?kA13Z000000L3ZF • CWE-400: Uncontrolled Resource Consumption •