Filtered by vendor Ivanti
Subscribe
Total
206 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8902 | 1 Ivanti | 1 Avalanche | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system databases can use the discovered key to access potentially confidential stored data, which may include Wi-Fi passwords. This discovered key can be used for all instances of the product. | |||||
| CVE-2018-15590 | 1 Ivanti | 1 Workspace Control | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured. A local authenticated user can bypass file and folder security restriction by leveraging an unspecified attack vector. | |||||
| CVE-2019-12376 | 1 Ivanti | 1 Landesk Management Suite | 2019-06-26 | 2.7 LOW | 4.5 MEDIUM |
| Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges. | |||||
| CVE-2019-12377 | 1 Ivanti | 1 Landesk Management Suite | 2019-06-04 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution. | |||||
| CVE-2019-12374 | 1 Ivanti | 1 Landesk Management Suite | 2019-06-04 | 6.8 MEDIUM | 8.1 HIGH |
| A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll. | |||||
| CVE-2017-11463 | 1 Ivanti | 1 Endpoint Manager | 2018-03-28 | 6.5 MEDIUM | 8.8 HIGH |
| In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc. | |||||