Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Ivanti | Endpoint Manager Cloud Service Appliance (EPM CSA)

CVE-2021-44529

Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability : Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody).

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-03-25
Due Date: 2024-04-15

Additional Notes

Ivanti | Connect Secure, Policy Secure, and Neurons

CVE-2024-21893

Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability: Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication.

Related CWE: CWE-918

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-01-31
Due Date: 2024-02-02

Additional Notes

VMware | vCenter Server

CVE-2023-34048

VMware vCenter Server Out-of-Bounds Write Vulnerability: VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-01-22
Due Date: 2024-02-12

Additional Notes

Ivanti | Endpoint Manager Mobile (EPMM) and MobileIron Core

CVE-2023-35082

Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability: Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-01-18
Due Date: 2024-02-08

Additional Notes

Ivanti | Connect Secure and Policy Secure

CVE-2024-21887

Ivanti Connect Secure and Policy Secure Command Injection Vulnerability: Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authenticated bypass issue.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-01-10
Due Date: 2024-01-22

Additional Notes

Ivanti | Connect Secure and Policy Secure

CVE-2023-46805

Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability: Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to access restricted resources by bypassing control checks. This vulnerability can be leveraged in conjunction with CVE-2024-21887, a command injection vulnerability.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-01-10
Due Date: 2024-01-22

Additional Notes

Ivanti | Sentry

CVE-2023-38035

Ivanti Sentry Authentication Bypass Vulnerability: Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

Related CWE: CWE-863

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-08-22
Due Date: 2023-09-12

Additional Notes

Ivanti | Endpoint Manager Mobile (EPMM)

CVE-2023-35081

Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability: Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078 to bypass authentication and ACLs restrictions (if applicable).

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-07-31
Due Date: 2023-08-21

Additional Notes

Ivanti | Endpoint Manager Mobile (EPMM)

CVE-2023-35078

Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability: Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes including installing software and modifying security profiles on registered devices.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-07-25
Due Date: 2023-08-15

Additional Notes

VMware | Tools

CVE-2023-20867

VMware Tools Authentication Bypass Vulnerability: VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. An attacker must have root access over ESXi to exploit this vulnerability.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-06-23
Due Date: 2023-07-14

Additional Notes

VMware | Aria Operations for Networks

CVE-2023-20887

Vmware Aria Operations for Networks Command Injection Vulnerability: VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in remote code execution.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-06-22
Due Date: 2023-07-13

Additional Notes

VMware | Spring Cloud Gateway

CVE-2022-22947

VMware Spring Cloud Gateway Code Injection Vulnerability: Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-16
Due Date: 2022-06-06

Additional Notes

VMware | Multiple Products

CVE-2022-22960

VMware Multiple Products Privilege Escalation Vulnerability: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.

Related CWE: CWE-250

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-15
Due Date: 2022-05-06

Additional Notes

VMware | Workspace ONE Access and Identity Manager

CVE-2022-22954

VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability: VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-04-14
Due Date: 2022-05-05

Additional Notes

VMware | Spring Framework

CVE-2022-22965

Spring Framework JDK 9+ Remote Code Execution Vulnerability: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-04
Due Date: 2022-04-25

Additional Notes

VMware | SD-WAN Edge

CVE-2018-6961

VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability: VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

VMware | vCenter Server and Cloud Foundation

CVE-2021-21973

VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability: VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure.

Related CWEs: CWE-20| CWE-918

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-07
Due Date: 2022-03-21

Additional Notes

VMware | vRealize Operations Manager API

CVE-2021-21975

VMware Server Side Request Forgery in vRealize Operations Manager API: Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials.

Related CWE: CWE-918

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-01-18
Due Date: 2022-02-01

Additional Notes

VMware | vCenter Server

CVE-2021-22017

VMware vCenter Server Improper Access Control: Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization.

Related CWE: CWE-23

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-10
Due Date: 2022-01-24

Additional Notes

Ivanti | Pulse Connect Secure

CVE-2020-8243

Ivanti Pulse Connect Secure Code Execution Vulnerability: Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-04-23

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates