Endpoint Manager@2024 Security Vulnerabilities and Issues — Endpoint Manager@2024 CVE List

Lucene search

IvantiEndpoint Manager2024

58 matches found

CVE•added 2025/01/14 6:15 p.m.•157 views

CVE-2024-13159

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

9.8CVSS6.9AI score0.93884EPSS

CVE•added 2025/01/14 6:15 p.m.•153 views

CVE-2024-13161

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

9.8CVSS6.9AI score0.92138EPSS

CVE•added 2025/01/14 6:15 p.m.•149 views

CVE-2024-13160

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

9.8CVSS6.9AI score0.92967EPSS

CVE•added 2025/01/14 5:15 p.m.•82 views

CVE-2024-10811

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

9.8CVSS6.9AI score0.08067EPSS

CVE•added 2024/11/12 4:15 p.m.•82 views

CVE-2024-50330

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution.

9.8CVSS10AI score0.23142EPSS

CVE•added 2024/09/12 2:15 a.m.•74 views

CVE-2024-29847

Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.

10CVSS9.8AI score0.68282EPSS

CVE•added 2025/04/08 3:15 p.m.•70 views

CVE-2025-22466

Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

9.6CVSS6.4AI score0.00046EPSS

CVE•added 2024/09/12 2:15 a.m.•59 views

CVE-2024-32848

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.5AI score0.1843EPSS

CVE•added 2025/04/08 3:15 p.m.•56 views

CVE-2025-22461

SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution.

7.2CVSS8.3AI score0.00602EPSS

CVE•added 2024/09/12 2:15 a.m.•54 views

CVE-2024-32840

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.5AI score0.17268EPSS

CVE•added 2025/04/08 3:15 p.m.•54 views

CVE-2025-22465

Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to execute arbitrary javascript in a victim's browser. Unlikely user interaction is required.

6.1CVSS7AI score0.00039EPSS

CVE•added 2024/09/12 2:15 a.m.•53 views

CVE-2024-32845

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.5AI score0.17268EPSS

CVE•added 2024/09/12 2:15 a.m.•52 views

CVE-2024-32846

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.5AI score0.09179EPSS

CVE•added 2024/07/29 6:15 a.m.•52 views

CVE-2024-37381

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code.

8.4CVSS8.6AI score0.00174EPSS

CVE•added 2025/04/08 3:15 p.m.•52 views

CVE-2025-22459

Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers.

4.8CVSS7.3AI score0.00051EPSS

CVE•added 2024/11/13 2:15 a.m.•51 views

CVE-2024-32839

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.2CVSS8.5AI score0.1095EPSS

CVE•added 2025/04/08 3:15 p.m.•51 views

CVE-2025-22464

An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition.

6.1CVSS7AI score0.00062EPSS

CVE•added 2024/09/12 2:15 a.m.•50 views

CVE-2024-32842

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.5AI score0.09179EPSS

CVE•added 2024/09/12 2:15 a.m.•50 views

CVE-2024-32843

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.5AI score0.09179EPSS

CVE•added 2025/04/08 3:15 p.m.•50 views

CVE-2025-22458

DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.

7.8CVSS7.2AI score0.00069EPSS

CVE•added 2024/11/13 2:15 a.m.•46 views

CVE-2024-34781

7.2CVSS8.5AI score0.2147EPSS

CVE•added 2024/11/13 2:15 a.m.•46 views

CVE-2024-34782

7.2CVSS8.5AI score0.1095EPSS

CVE•added 2025/01/14 6:15 p.m.•45 views

CVE-2024-13162

SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848.

7.2CVSS8.2AI score0.1843EPSS

CVE•added 2024/11/13 2:15 a.m.•45 views

CVE-2024-32841

7.2CVSS8.5AI score0.1095EPSS

CVE•added 2024/09/12 2:15 a.m.•45 views

CVE-2024-34785

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.5AI score0.17268EPSS

CVE•added 2024/09/10 9:15 p.m.•45 views

CVE-2024-8191

SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.

9.8CVSS8.7AI score0.09042EPSS

CVE•added 2024/09/10 9:15 p.m.•45 views

CVE-2024-8320

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.

5.3CVSS7.3AI score0.00847EPSS

CVE•added 2025/01/14 6:15 p.m.•44 views

CVE-2024-13169

An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.

7.8CVSS6.7AI score0.00113EPSS

CVE•added 2025/01/14 6:15 p.m.•43 views

CVE-2024-13172

Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

7.8CVSS7.8AI score0.00032EPSS

CVE•added 2024/11/13 2:15 a.m.•43 views

CVE-2024-32847

7.2CVSS8.5AI score0.1095EPSS

CVE•added 2024/11/13 2:15 a.m.•43 views

CVE-2024-37376

7.2CVSS8.5AI score0.1095EPSS

CVE•added 2024/11/12 4:15 p.m.•43 views

CVE-2024-50327

7.2CVSS7.5AI score0.14172EPSS

CVE•added 2025/01/14 6:15 p.m.•42 views

CVE-2024-13171

Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

7.8CVSS7.8AI score0.00103EPSS

CVE•added 2024/09/12 2:15 a.m.•42 views

CVE-2024-34779

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.5AI score0.17268EPSS

CVE•added 2024/11/12 4:15 p.m.•42 views

CVE-2024-50329

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.

8.8CVSS9AI score0.10551EPSS

CVE•added 2025/01/14 6:15 p.m.•41 views

CVE-2024-13165

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.2AI score0.01745EPSS

CVE•added 2025/01/14 6:15 p.m.•41 views

CVE-2024-13167

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.2AI score0.01745EPSS

CVE•added 2024/11/13 2:15 a.m.•41 views

CVE-2024-34780

7.2CVSS8.5AI score0.1095EPSS

CVE•added 2024/09/12 2:15 a.m.•41 views

CVE-2024-34783

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.5AI score0.17268EPSS

CVE•added 2024/11/13 2:15 a.m.•41 views

CVE-2024-34784

7.2CVSS8.5AI score0.1095EPSS

CVE•added 2024/11/13 2:15 a.m.•41 views

CVE-2024-34787

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.

7.8CVSS7.5AI score0.00141EPSS

CVE•added 2024/11/13 2:15 a.m.•40 views

CVE-2024-32844

7.2CVSS8.5AI score0.1095EPSS

CVE•added 2024/11/12 4:15 p.m.•40 views

CVE-2024-50324

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.2CVSS7.2AI score0.38906EPSS

CVE•added 2024/11/12 4:15 p.m.•40 views

CVE-2024-50326

7.2CVSS7.5AI score0.26671EPSS

CVE•added 2024/11/12 4:15 p.m.•40 views

CVE-2024-50328

7.2CVSS7.5AI score0.15173EPSS

CVE•added 2024/09/10 9:15 p.m.•40 views

CVE-2024-8441

An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.

6.7CVSS6.5AI score0.00266EPSS

CVE•added 2025/01/14 6:15 p.m.•39 views

CVE-2024-13163

Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

7.8CVSS7.8AI score0.01108EPSS

CVE•added 2024/11/12 4:15 p.m.•39 views

CVE-2024-50322

7.8CVSS7.8AI score0.00179EPSS

CVE•added 2025/01/14 6:15 p.m.•38 views

CVE-2024-13166

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

7.5CVSS7.2AI score0.01745EPSS

CVE•added 2025/01/14 6:15 p.m.•36 views

CVE-2024-13164

An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.

7.8CVSS6.8AI score0.00113EPSS

Total number of security vulnerabilities58