📦

automation

Vendor: ivanti

Actively Exploited 0 CISA KEV List

PoC / Exploits 1 Code Available

Total RCEs 1 Remote Access

Total CVEs 2 Total Indexed

Avg. EPSS 0.18% Exploit Prob.

Latest CVE CVE-2025-27926 Mar 10

Security Vulnerability Index

Page 1 / 1

4.3 CVSS

CVE-2025-27926

In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users.

EPSS: 0.08%

Severity: MEDIUM

Mar 10, 2025

8.5 CVSS

CVE-2025-27925

RCE

Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input.

EPSS: 0.13%

Severity: HIGH

Mar 10, 2025

5.4 CVSS

CVE-2025-27924

Nintex Automation 5.6 and 5.7 before 5.8 has a stored XSS issue associated with the "Navigate to a URL" action.

EPSS: 0.10%

Severity: MEDIUM

Mar 10, 2025

7.8 CVSS

CVE-2024-9845

Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation.

EPSS: 0.34%

Severity: HIGH

Dec 11, 2024

7.8 CVSS

CVE-2022-44569

Exploit Found

A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.

EPSS: 0.24%

Severity: HIGH

Nov 03, 2023

Displaying 5 of 2 Total Entries

Total 1 Sections