Endpoint Manager@* Security Vulnerabilities and Issues — Endpoint Manager@* CVE List

Lucene search

IvantiEndpoint Manager*

5 matches found

CVE•added 2020/11/16 4:15 p.m.•35 views

CVE-2020-13769

LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request.

8.8CVSS9AI score0.0584EPSS

CVE•added 2020/11/16 4:15 p.m.•32 views

CVE-2020-13772

In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required.

5.3CVSS5.1AI score0.01978EPSS

CVE•added 2020/11/12 6:15 p.m.•30 views

CVE-2020-13770

Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can be used to escalate privileges from a local standard or service account having SeImpersona...

7.8CVSS7.6AI score0.00105EPSS

CVE•added 2020/11/12 6:15 p.m.•28 views

CVE-2020-13771

Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (and elevation of privileges to the level of privilege held by the vulnerable component such as NT AU...

7.8CVSS8AI score0.00061EPSS

CVE•added 2020/11/16 4:15 p.m.•26 views

CVE-2020-13773

Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/query_browsecomp.aspx.

5.4CVSS5.2AI score0.00136EPSS