Ivanti Endpoint Manager

91 matches found

added 2023/09/21 9:15 p.m., 2483 views

CVE-2023-38344

An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an aut...

CVSS 6.5, AI score 6.3, EPSS 0.0084

added 2021/12/08 10:15 p.m., 157 views

CVE-2021-44529

A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).

CVSS 9.8, AI score 9.6, EPSS 0.94461

added 2025/01/14 6:15 p.m., 154 views

CVE-2024-13159

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

CVSS 9.8, AI score 6.9, EPSS 0.93884

added 2024/05/31 6:15 p.m., 152 views

CVE-2024-29824

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

CVSS 9.6, AI score 9, EPSS 0.94317

added 2025/01/14 6:15 p.m., 150 views

CVE-2024-13161

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

CVSS 9.8, AI score 6.9, EPSS 0.92138

added 2025/01/14 6:15 p.m., 146 views

CVE-2024-13160

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

CVSS 9.8, AI score 6.9, EPSS 0.92967

added 2025/01/14 5:15 p.m., 82 views

CVE-2024-10811

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

CVSS 9.8, AI score 6.9, EPSS 0.08067

added 2024/11/12 4:15 p.m., 82 views

CVE-2024-50330

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution.

CVSS 9.8, AI score 10, EPSS 0.23142

added 2024/09/12 2:15 a.m., 77 views

CVE-2024-37397

An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets.

CVSS 8.2, AI score 8.2, EPSS 0.048

added 2024/09/12 2:15 a.m., 74 views

CVE-2024-29847

Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.

CVSS 10, AI score 9.8, EPSS 0.68282

added 2025/04/08 3:15 p.m., 70 views

CVE-2025-22466

Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

CVSS 9.6, AI score 6.4, EPSS 0.00046

added 2022/12/05 10:15 p.m., 59 views

CVE-2022-27773

A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges.

CVSS 9.8, AI score 9.6, EPSS 0.00443

added 2024/09/12 2:15 a.m., 59 views

CVE-2024-32848

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS 9.1, AI score 9.5, EPSS 0.1843

added 2025/04/08 3:15 p.m., 56 views

CVE-2025-22461

SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution.

CVSS 7.2, AI score 8.3, EPSS 0.00602

added 2024/09/12 2:15 a.m., 54 views

CVE-2024-32840

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS 9.1, AI score 9.5, EPSS 0.17268

added 2025/04/08 3:15 p.m., 54 views

CVE-2025-22465

Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to execute arbitrary JavaScript in a victim's browser. Unlikely user interaction is required.

CVSS 6.1, AI score 7, EPSS 0.00039

added 2024/09/12 2:15 a.m., 53 views

CVE-2024-32845

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS 9.1, AI score 9.5, EPSS 0.17268

added 2024/05/31 6:15 p.m., 52 views

CVE-2024-29822

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

CVSS 9.6, AI score 9, EPSS 0.0029

added 2024/09/12 2:15 a.m., 52 views

CVE-2024-32846

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS 9.1, AI score 9.5, EPSS 0.09179

added 2024/07/29 6:15 a.m., 52 views

CVE-2024-37381

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code.

CVSS 8.4, AI score 8.6, EPSS 0.00174

added 2025/04/08 3:15 p.m., 52 views

CVE-2025-22459

Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers.

CVSS 4.8, AI score 7.3, EPSS 0.00051

added 2024/01/09 2:15 a.m., 51 views

CVE-2023-39336

An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE ...

CVSS 9.6, AI score 9.7, EPSS 0.00875

added 2024/11/13 2:15 a.m., 51 views

CVE-2024-32839

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS 7.2, AI score 8.5, EPSS 0.1095

added 2025/04/08 3:15 p.m., 51 views

CVE-2025-22464

An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition.

CVSS 6.1, AI score 7, EPSS 0.00062

added 2024/09/12 2:15 a.m., 50 views

CVE-2024-32842

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS 9.1, AI score 9.5, EPSS 0.09179

added 2024/09/12 2:15 a.m., 50 views

CVE-2024-32843

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS 9.1, AI score 9.5, EPSS 0.09179

added 2025/04/08 3:15 p.m., 50 views

CVE-2025-22458

DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.

CVSS 7.8, AI score 7.2, EPSS 0.00069

added 2023/07/21 9:15 p.m., 48 views

CVE-2023-35077

An out-of-bounds write vulnerability on Windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or above.

CVSS 8.1, AI score 8.2, EPSS 0.01048

added 2023/10/18 4:15 a.m., 48 views

CVE-2023-35083

Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information.

CVSS 6.5, AI score 6.3, EPSS 0.01167

added 2024/11/13 2:15 a.m., 46 views

CVE-2024-34781

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS 7.2, AI score 8.5, EPSS 0.2147

added 2024/11/13 2:15 a.m., 46 views

CVE-2024-34782

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS 7.2, AI score 8.5, EPSS 0.1095

added 2020/11/12 8:15 p.m., 45 views

CVE-2020-13774

An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations on...

CVSS 9.9, AI score 9.4, EPSS 0.0594

added 2025/01/14 6:15 p.m., 45 views

CVE-2024-13162

SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848.

CVSS 7.2, AI score 8.2, EPSS 0.1843

added 2024/11/13 2:15 a.m., 45 views

CVE-2024-32841

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS 7.2, AI score 8.5, EPSS 0.1095

added 2024/09/12 2:15 a.m., 45 views

CVE-2024-34785

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS 9.1, AI score 9.5, EPSS 0.17268

added 2024/09/10 9:15 p.m., 45 views

CVE-2024-8191

SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.

CVSS 9.8, AI score 8.7, EPSS 0.09042

added 2024/09/10 9:15 p.m., 45 views

CVE-2024-8320

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.

CVSS 5.3, AI score 7.3, EPSS 0.00847

added 2022/12/05 10:15 p.m., 44 views

CVE-2022-35259

XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges.

CVSS 7.8, AI score 8, EPSS 0.00308

added 2025/01/14 6:15 p.m., 44 views

CVE-2024-13169

An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.

CVSS 7.8, AI score 6.7, EPSS 0.00113

added 2025/01/14 6:15 p.m., 43 views

CVE-2024-13172

Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

CVSS 7.8, AI score 7.8, EPSS 0.00032

added 2024/11/13 2:15 a.m., 43 views

CVE-2024-32847

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS 7.2, AI score 8.5, EPSS 0.1095

added 2024/11/13 2:15 a.m., 43 views

CVE-2024-37376

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS 7.2, AI score 8.5, EPSS 0.1095

added 2024/11/12 4:15 p.m., 43 views

CVE-2024-50327

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS 7.2, AI score 7.5, EPSS 0.14172

added 2025/01/14 6:15 p.m., 42 views

CVE-2024-13171

Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

CVSS 7.8, AI score 7.8, EPSS 0.00103

added 2024/05/31 6:15 p.m., 42 views

CVE-2024-29823

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

CVSS 9.6, AI score 9, EPSS 0.01329

added 2024/09/12 2:15 a.m., 42 views

CVE-2024-34779

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS 9.1, AI score 9.5, EPSS 0.17268

added 2024/11/12 4:15 p.m., 42 views

CVE-2024-50329

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.

CVSS 8.8, AI score 9, EPSS 0.10551

added 2025/01/14 6:15 p.m., 41 views

CVE-2024-13165

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

CVSS 7.5, AI score 7.2, EPSS 0.01745

added 2025/01/14 6:15 p.m., 41 views

CVE-2024-13167

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

CVSS 7.5, AI score 7.2, EPSS 0.01745

added 2024/05/31 6:15 p.m., 41 views

CVE-2024-29826

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

CVSS 9.6, AI score 9, EPSS 0.01329

Total number of security vulnerabilities: 91