In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. I...

Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass appl...

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to A...

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system database...

An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured. A local authenticated user can bypass file and folder security ...

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by lev...

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated privileges via an unspecified attack vector.

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an uns...

An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security feature...

Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords.

A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication imple...

Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution.

Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user wit...

A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary...

An issue was discovered in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x before 2018.3 SU3, with remote code execution. In other words, the issue affects 2017.3, 2018.1...

In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferen...

An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid X...

Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material).

Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250.

In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry ...