Endpoint Manager@2024 Security Vulnerabilities and Issues — Endpoint Manager@2024 CVE List

Lucene search

IvantiEndpoint Manager2024

34 matches found

CVE•added 2024/11/12 4:15 p.m.•82 views

CVE-2024-50330

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution.

9.8CVSS10AI score0.23142EPSS

CVE•added 2024/09/12 2:15 a.m.•74 views

CVE-2024-29847

Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.

10CVSS9.8AI score0.68282EPSS

CVE•added 2024/09/12 2:15 a.m.•59 views

CVE-2024-32848

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.5AI score0.1843EPSS

CVE•added 2024/09/12 2:15 a.m.•54 views

CVE-2024-32840

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.5AI score0.17268EPSS

CVE•added 2024/09/12 2:15 a.m.•53 views

CVE-2024-32845

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.5AI score0.17268EPSS

CVE•added 2024/09/12 2:15 a.m.•52 views

CVE-2024-32846

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.5AI score0.09179EPSS

CVE•added 2024/07/29 6:15 a.m.•52 views

CVE-2024-37381

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code.

8.4CVSS8.6AI score0.00174EPSS

CVE•added 2024/11/13 2:15 a.m.•51 views

CVE-2024-32839

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.2CVSS8.5AI score0.1095EPSS

CVE•added 2024/09/12 2:15 a.m.•50 views

CVE-2024-32842

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.5AI score0.09179EPSS

CVE•added 2024/09/12 2:15 a.m.•50 views

CVE-2024-32843

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.5AI score0.09179EPSS

CVE•added 2024/11/13 2:15 a.m.•46 views

CVE-2024-34781

7.2CVSS8.5AI score0.2147EPSS

CVE•added 2024/11/13 2:15 a.m.•46 views

CVE-2024-34782

7.2CVSS8.5AI score0.1095EPSS

CVE•added 2024/11/13 2:15 a.m.•45 views

CVE-2024-32841

7.2CVSS8.5AI score0.1095EPSS

CVE•added 2024/09/12 2:15 a.m.•45 views

CVE-2024-34785

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.5AI score0.17268EPSS

CVE•added 2024/09/10 9:15 p.m.•45 views

CVE-2024-8191

SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.

9.8CVSS8.7AI score0.09042EPSS

CVE•added 2024/09/10 9:15 p.m.•45 views

CVE-2024-8320

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.

5.3CVSS7.3AI score0.00847EPSS

CVE•added 2024/11/13 2:15 a.m.•43 views

CVE-2024-32847

7.2CVSS8.5AI score0.1095EPSS

CVE•added 2024/11/13 2:15 a.m.•43 views

CVE-2024-37376

7.2CVSS8.5AI score0.1095EPSS

CVE•added 2024/11/12 4:15 p.m.•43 views

CVE-2024-50327

7.2CVSS7.5AI score0.14172EPSS

CVE•added 2024/09/12 2:15 a.m.•42 views

CVE-2024-34779

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.5AI score0.17268EPSS

CVE•added 2024/11/12 4:15 p.m.•42 views

CVE-2024-50329

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.

8.8CVSS9AI score0.10551EPSS

CVE•added 2024/11/13 2:15 a.m.•41 views

CVE-2024-34780

7.2CVSS8.5AI score0.1095EPSS

CVE•added 2024/09/12 2:15 a.m.•41 views

CVE-2024-34783

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

9.1CVSS9.5AI score0.17268EPSS

CVE•added 2024/11/13 2:15 a.m.•41 views

CVE-2024-34784

7.2CVSS8.5AI score0.1095EPSS

CVE•added 2024/11/13 2:15 a.m.•41 views

CVE-2024-34787

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.

7.8CVSS7.5AI score0.00141EPSS

CVE•added 2024/11/13 2:15 a.m.•40 views

CVE-2024-32844

7.2CVSS8.5AI score0.1095EPSS

CVE•added 2024/11/12 4:15 p.m.•40 views

CVE-2024-50324

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.2CVSS7.2AI score0.38906EPSS

CVE•added 2024/11/12 4:15 p.m.•40 views

CVE-2024-50326

7.2CVSS7.5AI score0.26671EPSS

CVE•added 2024/11/12 4:15 p.m.•40 views

CVE-2024-50328

7.2CVSS7.5AI score0.15173EPSS

CVE•added 2024/09/10 9:15 p.m.•40 views

CVE-2024-8441

An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.

6.7CVSS6.5AI score0.00266EPSS

CVE•added 2024/11/12 4:15 p.m.•39 views

CVE-2024-50322

7.8CVSS7.8AI score0.00179EPSS

CVE•added 2024/09/10 9:15 p.m.•36 views

CVE-2024-8322

Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.

8.8CVSS4.6AI score0.00621EPSS

CVE•added 2024/09/10 9:15 p.m.•35 views

CVE-2024-8321

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.

8.6CVSS7.4AI score0.00186EPSS

CVE•added 2024/11/12 4:15 p.m.•34 views

CVE-2024-50323

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.

7.8CVSS8.1AI score0.00354EPSS