Ivanti Desktop & Server Management — known CVE vulnerabilities
Every CVE whose affected-product data names Ivanti Desktop & Server Management, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2023-28129 — CVSS 7.8 (high): DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS commands as the DSM software…
CVE-2024-29213 — CVSS 7.8 (high): Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via…
CVE-2024-29821 — CVSS 7.8 (high): Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via…
CVE-2026-3483 — CVSS 7.8 (high): An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges.
CVE-2024-7572 — CVSS 7.1 (high): Insufficient permissions in Ivanti DSM before version 2024.3.5740 allows a local authenticated attacker to delete arbitrary files.
CVE-2024-38648 — CVSS 5.7 (medium): A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including…