Ivanti

Explanation

IvantiはVPN・モバイルデバイス管理 (MDM)・エンドポイント管理等のエンタープライズ向け製品を提供しています。 2024年〜2026年にかけて、Ivanti製品の脆弱性が国家支援の攻撃グループに頻繁に悪用され、CISA KEV カタログ常連となっています。

📌 Example

CVE-2024-21887 + CVE-2023-46805 (Ivanti Connect Secure VPN): 2024年初頭に未認証RCEとして悪用され、世界中の企業VPNが侵害された。

🛡 Vulnerabilities tagged with this 34

ID	Title	Severity	Detected
CVE-2026-6973 KEV	[KEV] Vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973)	High	2 days ago
CVE-2026-1340 KEV	[KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1340)	High	1 month ago
CVE-2026-1603 KEV	[KEV] Vulnerability in Ivanti endpoint-manager-epm (CVE-2026-1603)	High	2 months ago
CVE-2026-1281 KEV	[KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1281)	High	3 months ago
CVE-2025-4428 KEV	[KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2025-4428)	High	11 months ago
CVE-2025-4427 KEV	[KEV] Vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2025-4427)	High	11 months ago
CVE-2025-22457 KEV	[KEV] Vulnerability in Ivanti connect-secure (CVE-2025-22457)	High	1 year ago
CVE-2024-13161 KEV	[KEV] Vulnerability in Ivanti endpoint-manager-epm (CVE-2024-13161)	High	1 year ago
CVE-2024-13160 KEV	[KEV] Vulnerability in Ivanti endpoint-manager-epm (CVE-2024-13160)	High	1 year ago
CVE-2024-13159 KEV	[KEV] Vulnerability in Ivanti endpoint-manager-epm (CVE-2024-13159)	High	1 year ago
CVE-2025-0282 KEV	[KEV] Vulnerability in Ivanti connect-secure (CVE-2025-0282)	High	1 year ago
CVE-2024-9380 KEV	[KEV] Command Injection in Ivanti cloud-services-appliance-csa (CVE-2024-9380)	High	1 year ago
CVE-2024-9379 KEV	[KEV] SQL Injection in Ivanti cloud-services-appliance-csa (CVE-2024-9379)	High	1 year ago
CVE-2024-29824 KEV	[KEV] SQL Injection in Ivanti endpoint-manager-epm (CVE-2024-29824)	High	1 year ago
CVE-2024-7593 KEV	[KEV] Authentication Bypass in Ivanti virtual-traffic-manager (CVE-2024-7593)	High	1 year ago
CVE-2024-8963 KEV	[KEV] Path Traversal in Ivanti cloud-services-appliance-csa (CVE-2024-8963)	High	1 year ago
CVE-2024-8190 KEV	[KEV] OS Command Injection in Ivanti cloud-services-appliance (CVE-2024-8190)	High	1 year ago
CVE-2021-44529 KEV	[KEV] Code Injection in Ivanti endpoint-manager-cloud-service-appliance-epm-csa (CVE-2021-44529)	High	2 years ago
CVE-2024-21893 KEV	[KEV] SSRF (Server-Side Request Forgery) in Ivanti connect-secure (CVE-2024-21893)	High	2 years ago
CVE-2023-35082 KEV	[KEV] Authentication Bypass in Ivanti endpoint-manager-mobile-epmm-and-mobileiron-core (CVE-2023-35082)	High	2 years ago
CVE-2023-46805 KEV	[KEV] Authentication Bypass in Ivanti connect-secure-and-policy-secure (CVE-2023-46805)	High	2 years ago
CVE-2024-21887 KEV	[KEV] Command Injection in Ivanti connect-secure-and-policy-secure (CVE-2024-21887)	High	2 years ago
CVE-2023-38035 KEV	[KEV] Authorization Flaw in Ivanti sentry (CVE-2023-38035)	High	2 years ago
CVE-2023-35081 KEV	[KEV] Path Traversal in Ivanti endpoint-manager-mobile-epmm (CVE-2023-35081)	High	2 years ago
CVE-2023-35078 KEV	[KEV] Authentication Bypass in Ivanti endpoint-manager-mobile-epmm (CVE-2023-35078)	High	2 years ago
CVE-2020-15505 KEV	[KEV] Vulnerability in Ivanti mobileiron-multiple-products (CVE-2020-15505)	High	4 years ago
CVE-2021-22893 KEV	[KEV] Authentication Bypass in Ivanti pulse-connect-secure (CVE-2021-22893)	High	4 years ago
CVE-2020-8243 KEV	[KEV] Code Injection in Ivanti pulse-connect-secure (CVE-2020-8243)	High	4 years ago
CVE-2021-22900 KEV	[KEV] Code Injection in Ivanti pulse-connect-secure (CVE-2021-22900)	High	4 years ago
CVE-2021-22894 KEV	[KEV] Code Injection in Ivanti pulse-connect-secure (CVE-2021-22894)	High	4 years ago

Title