
CVE-2024-11639
https://notcve.org/view.php?id=CVE-2024-11639
10 Dec 2024 — An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVE-2024-8540
https://notcve.org/view.php?id=CVE-2024-8540
10 Dec 2024 — Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2024-8540 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2024-11634
https://notcve.org/view.php?id=CVE-2024-11634
10 Dec 2024 — Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx) • https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2024-11633
https://notcve.org/view.php?id=CVE-2024-11633
10 Dec 2024 — Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution • https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVE-2024-9844
https://notcve.org/view.php?id=CVE-2024-9844
10 Dec 2024 — Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions. • https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs • CWE-602: Client-Side Enforcement of Server-Side Security •

CVE-2024-10256
https://notcve.org/view.php?id=CVE-2024-10256
10 Dec 2024 — Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Patch-SDK-CVE-2024-10256 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2024-39712
https://notcve.org/view.php?id=CVE-2024-39712
13 Nov 2024 — Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVE-2024-38649
https://notcve.org/view.php?id=CVE-2024-38649
13 Nov 2024 — An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs • CWE-125: Out-of-bounds Read •

CVE-2024-39711
https://notcve.org/view.php?id=CVE-2024-39711
13 Nov 2024 — Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVE-2024-39709
https://notcve.org/view.php?id=CVE-2024-39709
13 Nov 2024 — Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 and Ivanti Policy Secure before version 22.6R1 allow a local authenticated attacker to escalate their privileges. Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs • CWE-732: Incorrect Permission Assignment for Critical Resource •