CISA Catalog
Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.
KEV Entries: 1,619
Ransomware Use: 327
Overdue: 1,615
Vendors: 266
Products: 655
Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability
Ivanti · Endpoint Manager Mobile (EPMM)
Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes including installing software and modifying security profiles on registered devices.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Ivanti Pulse Connect Secure Use-After-Free Vulnerability
Ivanti · Pulse Connect Secure
Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allows a remote, unauthenticated attacker to execute code via license services.
Required Action
Apply updates per vendor instructions.
Ivanti Pulse Connect Secure Code Execution Vulnerability
Ivanti · Pulse Connect Secure
Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution.
Required Action
Apply updates per vendor instructions.
Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability
Ivanti · Pulse Connect Secure
Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.
Required Action
Apply updates per vendor instructions.
Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability
Ivanti · Pulse Connect Secure
Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerability that allows remote authenticated users to execute code as the root user via a maliciously crafted meeting room.
Required Action
Apply updates per vendor instructions.
Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability
Ivanti · MobileIron Multiple Products
Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution.
Required Action
Apply updates per vendor instructions.
Ivanti Pulse Connect Secure Command Injection Vulnerability
Ivanti · Pulse Connect Secure
Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles.
Required Action
Apply updates per vendor instructions.
Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
Ivanti · Pulse Connect Secure
Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to read arbitrary files by sending a specially crafted URI.
Required Action
Apply updates per vendor instructions.
Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability
Ivanti · Pulse Connect Secure and Pulse Policy Secure
Ivanti Pulse Connect Secure and Policy Secure contain a command injection vulnerability that allows an authenticated attacker to inject and execute commands from the admin web interface.
Required Action
Apply updates per vendor instructions.
Ivanti Pulse Connect Secure Code Execution Vulnerability
Ivanti · Pulse Connect Secure
Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction.
Required Action
Apply updates per vendor instructions.