cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-38657,https://securityvulnerability.io/vulnerability/CVE-2024-38657,File Write Vulnerability in Ivanti Connect Secure and Policy Secure Products,"This vulnerability allows an authenticated remote attacker with admin privileges to exploit flaws in Ivanti Connect Secure and Policy Secure. Specifically, it permits the attacker to control file names, enabling arbitrary file writing on the systems. Versions earlier than 22.7R2.4 for Connect Secure and 22.7R1.3 for Policy Secure are particularly vulnerable, presenting significant security risks that could lead to unauthorized data access and manipulation.",Ivanti,"Connect Secure,Policy Secure",9.1,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-21T01:25:43.552Z,0
CVE-2024-13813,https://securityvulnerability.io/vulnerability/CVE-2024-13813,Insufficient Permission Vulnerability in Ivanti Secure Access Client,"The Ivanti Secure Access Client prior to version 22.8R1 contains a vulnerability that allows local authenticated attackers to exploit insufficient permissions, enabling them to delete arbitrary files on the system. This could lead to significant data loss and system instability, impacting the overall security posture of the affected machines.",Ivanti,Secure Access Client,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T15:26:57.315Z,0
CVE-2024-13843,https://securityvulnerability.io/vulnerability/CVE-2024-13843,Cleartext Data Exposure in Ivanti Connect Secure and Policy Secure,"This vulnerability involves the cleartext storage of sensitive data in Ivanti Connect Secure and Ivanti Policy Secure, allowing local authenticated attackers with admin privileges to read this information. Versions prior to 22.7R2.6 for Connect Secure and 22.7R1.3 for Policy Secure are impacted, exposing user data to potential compromise. It is crucial for organizations using these products to assess their systems and implement updates to mitigate this risk.",Ivanti,"Connect Secure,Policy Secure",4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T15:26:32.029Z,0
CVE-2024-13842,https://securityvulnerability.io/vulnerability/CVE-2024-13842,Hardcoded Key Vulnerability in Ivanti Connect Secure and Policy Secure Products,"A vulnerability exists in Ivanti Connect Secure and Ivanti Policy Secure due to a hardcoded key, which allows a local authenticated attacker with admin privileges to access and read sensitive data. This could lead to unauthorized information disclosure and pose serious risks to user privacy and data security. Organizations using these products are advised to review their configurations and promptly update to versions that mitigate this issue.",Ivanti,"Connect Secure,Policy Secure",4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T15:25:49.528Z,0
CVE-2024-13830,https://securityvulnerability.io/vulnerability/CVE-2024-13830,Reflected XSS Vulnerability in Ivanti Connect Secure and Ivanti Policy Secure,"A reflected cross-site scripting vulnerability exists in the Ivanti Connect Secure and Ivanti Policy Secure products prior to specified versions. This vulnerability could allow a remote unauthenticated attacker to leverage it to obtain administrative privileges, provided that user interaction takes place. It is essential for users to implement necessary precautions and apply the recommended updates to safeguard against potential exploitation.",Ivanti,"Connect Secure,Policy Secure",6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-02-11T15:22:15.945Z,0
CVE-2024-12058,https://securityvulnerability.io/vulnerability/CVE-2024-12058,File Name Control Vulnerability in Ivanti Connect Secure and Ivanti Policy Secure,"A security vulnerability present in Ivanti Connect Secure prior to version 22.7R2.6 and Ivanti Policy Secure prior to version 22.7R1.3 allows a remote authenticated attacker with administrative privileges to manipulate file names. This could lead to unauthorized reading of arbitrary files, potentially exposing sensitive data. Organizations using these products should evaluate their security postures and apply available patches to mitigate risks.",Ivanti,"Connect Secure,Policy Secure",6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T15:21:18.279Z,0
CVE-2024-10644,https://securityvulnerability.io/vulnerability/CVE-2024-10644,Code Injection Vulnerability in Ivanti Connect Secure and Policy Secure,"A vulnerability in Ivanti Connect Secure and Ivanti Policy Secure allows remote authenticated attackers with administrative privileges to execute arbitrary code on the affected systems. This issue exists in versions prior to 22.7R2.4 for Ivanti Connect Secure and 22.7R1.3 for Ivanti Policy Secure. If exploited, this vulnerability can lead to unauthorized control over the affected environments, potentially compromising sensitive data and system integrity.",Ivanti,"Connect Secure,Policy Secure",9.1,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T15:20:46.680Z,0
CVE-2025-22467,https://securityvulnerability.io/vulnerability/CVE-2025-22467,Remote Code Execution Vulnerability in Ivanti Connect Secure,"A stack-based buffer overflow vulnerability exists in Ivanti Connect Secure prior to version 22.7R2.6, which may allow an authenticated remote attacker to execute arbitrary code on the affected system. This flaw could potentially lead to unauthorized access or manipulation of sensitive data within the application, underlining the importance of timely updates to mitigate the risks associated with this vulnerability.",Ivanti,Connect Secure,8.8,HIGH,0.00046999999904073775,false,,true,false,true,2025-02-12T08:43:56.000Z,false,false,false,,2025-02-11T15:20:16.514Z,965
CVE-2024-11771,https://securityvulnerability.io/vulnerability/CVE-2024-11771,Path Traversal Vulnerability in Ivanti Cloud Services Application,"A path traversal vulnerability in the Ivanti Cloud Services Application allows remote unauthenticated attackers to exploit the application, potentially granting them access to restricted functionality. The flaw exists in versions before 5.0.5, making it crucial for users to upgrade to the latest version to mitigate any associated risks.",Ivanti,Cloud Services Application,5.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-02-11T15:19:11.855Z,0
CVE-2024-47908,https://securityvulnerability.io/vulnerability/CVE-2024-47908,OS Command Injection in Ivanti Cloud Services Application,"The Ivanti Cloud Services Application (CSA) prior to version 5.0.5 is susceptible to an OS command injection vulnerability in its admin web console. This flaw allows a remote authenticated attacker with administrative privileges to execute arbitrary code on the server, posing significant security risks for systems utilizing this application. Organizations using affected versions are strongly advised to update to the latest version to mitigate potential exploitation.",Ivanti,Cloud Services Application,7.2,HIGH,0.0005200000014156103,false,,false,false,false,,false,false,false,,2025-02-11T15:18:49.425Z,172
CVE-2024-13168,https://securityvulnerability.io/vulnerability/CVE-2024-13168,Out-of-Bounds Write Vulnerability in Ivanti EPM Software,"A vulnerability exists in Ivanti Endpoint Manager (EPM) that permits a remote unauthenticated attacker to exploit an out-of-bounds write condition. This flaw enables the attacker to disrupt service availability, potentially leading to a denial of service. Affected versions include Ivanti EPM prior to the January 2025 Security Update and Ivanti EPM 2022 SU6, also before the January 2025 update. System administrators are advised to apply the latest security updates to mitigate risks.",Ivanti,Endpoint Manager,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,0
CVE-2024-13164,https://securityvulnerability.io/vulnerability/CVE-2024-13164,Privilege Escalation Vulnerability in Ivanti Endpoint Manager,"Ivanti Endpoint Manager (EPM) is vulnerable due to an uninitialized resource that exists in versions prior to the January 2025 security update. This flaw allows local authenticated attackers to exploit the vulnerability for privilege escalation, potentially gaining enhanced access to system resources and sensitive data. Users are advised to upgrade to the latest versions to mitigate risks associated with this security issue.",Ivanti,Endpoint Manager,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,0
CVE-2024-13163,https://securityvulnerability.io/vulnerability/CVE-2024-13163,Remote Code Execution Vulnerability in Ivanti Endpoint Manager Products,"A deserialization vulnerability has been identified in Ivanti Endpoint Manager versions released before the January 2025 Security Update, which may allow remote unauthenticated attackers to execute arbitrary code without user interaction. Local user interaction is necessary to exploit this vulnerability, posing significant risks to organizations using the affected versions. It is crucial for users to apply the latest security updates to mitigate potential threats.",Ivanti,Endpoint Manager,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,0
CVE-2024-13171,https://securityvulnerability.io/vulnerability/CVE-2024-13171,Remote Code Execution Vulnerability in Ivanti EPM Software,"A vulnerability in Ivanti EPM prior to the January 2025 Security Update allows remote unauthenticated attackers to exploit insufficient filename validation, potentially leading to unauthorized remote code execution. While local user interaction is necessary for the attack to succeed, this flaw poses a significant security risk to affected systems, emphasizing the need for immediate security measures.",Ivanti,Endpoint Manager,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,0
CVE-2024-13159,https://securityvulnerability.io/vulnerability/CVE-2024-13159,Path Traversal Vulnerability in Ivanti Endpoint Manager Products,Ivanti Endpoint Manager is impacted by an absolute path traversal vulnerability that enables remote unauthenticated attackers to access and leak sensitive information. This issue affects Ivanti EPM versions released prior to the January 2025 security update. It is crucial for users of these products to apply the necessary security updates to mitigate the risks associated with this vulnerability.,Ivanti,Endpoint Manager,9.8,CRITICAL,0.0004299999854993075,false,,false,false,true,2025-02-19T05:14:34.000Z,true,false,false,,2025-01-14T18:15:00.000Z,1145
CVE-2024-13170,https://securityvulnerability.io/vulnerability/CVE-2024-13170,Out-of-Bounds Write in Ivanti Endpoint Manager Affects Security Updates,"A critical vulnerability exists in Ivanti Endpoint Manager versions prior to the January 2025 Security Update, and in the 2022 SU6 January 2025 Security Update. This out-of-bounds write flaw allows a remote unauthorized attacker to manipulate memory, potentially leading to a denial of service condition. Attackers can exploit this vulnerability without prior authentication, posing significant risk to the stability and availability of affected systems.",Ivanti,Endpoint Manager,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,0
CVE-2024-13166,https://securityvulnerability.io/vulnerability/CVE-2024-13166,Out-of-Bounds Write Vulnerability in Ivanti EPM,"An out-of-bounds write vulnerability in Ivanti Endpoint Manager allows adversaries to exploit the software versions predating the January 2025 Security Update. This vulnerability enables remote unauthenticated attackers to trigger a denial of service, impacting the availability of the software. It’s crucial for organizations using the affected versions to apply the necessary updates to mitigate risks associated with this vulnerability.",Ivanti,Endpoint Manager,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,0
CVE-2024-13167,https://securityvulnerability.io/vulnerability/CVE-2024-13167,Out-of-Bounds Write Vulnerability in Ivanti EPM Software,"An out-of-bounds write vulnerability in Ivanti Endpoint Manager (EPM) enables a remote, unauthenticated attacker to exploit the software prior to specific January 2025 Security Updates. This flaw may lead to potential service disruptions, as it allows for manipulation that could result in a denial of service. Users must update their EPM software to the latest security patches to mitigate the risks associated with this vulnerability.",Ivanti,Endpoint Manager,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,0
CVE-2024-13161,https://securityvulnerability.io/vulnerability/CVE-2024-13161,Absolute Path Traversal Vulnerability in Ivanti Endpoint Manager,"An absolute path traversal vulnerability exists in Ivanti Endpoint Manager, allowing a remote unauthenticated attacker to exploit the flaw. This vulnerability can potentially enable attackers to access sensitive information stored on the server. The issue affects Ivanti EPM prior to the January 2025 Security Update and the 2022 SU6 January 2025 Security Update. Organizations using these affected versions should apply the necessary security updates to mitigate potential risks.",Ivanti,Endpoint Manager,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,0
CVE-2024-13165,https://securityvulnerability.io/vulnerability/CVE-2024-13165,Out-of-Bounds Write Vulnerability in Ivanti EPM,"An out-of-bounds write vulnerability exists in Ivanti Endpoint Manager (EPM) prior to the January 2025 Security Update for both EPM 2024 and EPM 2022 SU6. This vulnerability can be exploited by remote unauthenticated attackers, potentially leading to a denial of service. Organizations utilizing affected versions are urged to apply the necessary updates to mitigate potential risks from exploitation.",Ivanti,Endpoint Manager,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,0
CVE-2024-13162,https://securityvulnerability.io/vulnerability/CVE-2024-13162,SQL Injection Vulnerability in Ivanti Endpoint Manager Products,"A SQL injection flaw exists in Ivanti Endpoint Manager versions prior to the January 2025 Security Update. This vulnerability allows a remote authenticated attacker, possessing admin privileges, to achieve remote code execution by exploiting incomplete fixes from a previous vulnerability. Organizations using affected versions must update their systems promptly to mitigate the potential risk of unauthorized system control.",Ivanti,Endpoint Manager,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,0
CVE-2024-13160,https://securityvulnerability.io/vulnerability/CVE-2024-13160,Absolute Path Traversal in Ivanti Endpoint Manager,"An absolute path traversal vulnerability exists in Ivanti Endpoint Manager versions prior to the January 2025 Security Update. This allows a remote unauthenticated attacker to exploit the flaw, gaining access to sensitive information stored on the server. Attackers can leverage this vulnerability to traverse the file system and expose critical data, leading to potential compromises of sensitive information.",Ivanti,Endpoint Manager,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,0
CVE-2024-13158,https://securityvulnerability.io/vulnerability/CVE-2024-13158,Remote Code Execution Vulnerability in Ivanti Endpoint Manager,"An unbounded resource search path vulnerability exists in Ivanti Endpoint Manager prior to the January-2025 Security Update. This flaw enables a remote authenticated attacker, possessing admin privileges, to execute arbitrary code on the system, potentially compromising the integrity and confidentiality of sensitive information. It is vital for users to update their systems promptly to mitigate this risk.",Ivanti,Endpoint Manager,7.2,HIGH,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,0
CVE-2024-13169,https://securityvulnerability.io/vulnerability/CVE-2024-13169,Local Privilege Escalation Vulnerability in Ivanti EPM Products,"A local authenticated attacker can exploit an out-of-bounds read vulnerability in Ivanti Endpoint Manager versions prior to the January 2025 security standards. This flaw enables an attacker to escalate their privileges within the affected system, potentially allowing them to gain unauthorized access to sensitive resources and systems.",Ivanti,Endpoint Manager,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,0
CVE-2024-13172,https://securityvulnerability.io/vulnerability/CVE-2024-13172,Remote Code Execution Vulnerability in Ivanti EPM Software,"This vulnerability in Ivanti EPM prior to the January 2025 Security Update allows remote unauthenticated attackers to execute code remotely. Although local user interaction is necessary to exploit this flaw, it poses a significant threat to systems utilizing versions of Ivanti EPM affected by this issue.",Ivanti,Endpoint Manager,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T18:15:00.000Z,0