Endpoint Manager Security Vulnerabilities and Issues — Endpoint Manager CVE List

Lucene search

IvantiEndpoint Manager

6 matches found

CVE•added 2025/04/08 3:15 p.m.•70 views

CVE-2025-22466

Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

9.6CVSS6.4AI score0.00046EPSS

CVE•added 2025/04/08 3:15 p.m.•56 views

CVE-2025-22461

SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution.

7.2CVSS8.3AI score0.00602EPSS

CVE•added 2025/04/08 3:15 p.m.•54 views

CVE-2025-22465

Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to execute arbitrary javascript in a victim's browser. Unlikely user interaction is required.

6.1CVSS7AI score0.00039EPSS

CVE•added 2025/04/08 3:15 p.m.•52 views

CVE-2025-22459

Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers.

4.8CVSS7.3AI score0.00051EPSS

CVE•added 2025/04/08 3:15 p.m.•51 views

CVE-2025-22464

An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition.

6.1CVSS7AI score0.00062EPSS

CVE•added 2025/04/08 3:15 p.m.•50 views

CVE-2025-22458

DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.

7.8CVSS7.2AI score0.00069EPSS