CVE-2024-8322

Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality...

CVE-2024-8321

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network...

Ivanti EPM Credential Coercion

This is a proof of concept exploit for Ivanti EPM vulnerabilities that allow for unauthenticated coercion of the Ivanti EPM machine credential for use in relay attacks...

CVE-2024-29825

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code...

Ivanti EPM Absolute Path Traversal Vulnerability

Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from an absolute path traversal vulnerability that can be exploited by an attacker to obtain sensitive information...

Ivanti EPM Code Execution Vulnerability

Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from a code execution vulnerability that stems from the inclusion of an unrestricted resource search path. An attacker could exploit this vulnerability to achieve remote code execution...

Ivanti EPM Code Issue Vulnerability

Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from a code issue vulnerability that stems from the inclusion of an insufficient file name validation issue. An attacker could exploit this vulnerability to achieve remote code execution...

Ivanti EPM Out-of-Bounds Write Vulnerability

Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to cause a denial of service...

Ivanti EPM Out-of-Bounds Write Vulnerability (CNVD-2025-30750)

Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to cause a denial of service...

Ivanti EPM Out-of-Bounds Write Vulnerability (CNVD-2025-30751)

Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to cause a denial of service...

The vulnerability of the Ivanti EPM endpoint management software lies in its ability to download files of a malicious nature without limitation, allowing a hacker to execute remote code.

The vulnerability of the Ivanti EPM endpoint management software is related to the unlimited loading of dangerous files. Exploiting this vulnerability can allow a hacker to execute remote code...

The vulnerability of the Ivanti EPM endpoint management software, related to defects in the deserialization mechanism, allows a hacker to execute remote code.

The vulnerability of the Ivanti EPM endpoint management software is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to execute remote code...

CVE-2024-13172

Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required...

CVE-2024-13172

Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required...

CVE-2024-13171

Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required...

CVE-2024-13170

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service...

CVE-2024-13169

An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges...

CVE-2024-13168

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service...

CVE-2024-13163

Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required...

CVE-2024-13163

Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required...