Endpoint Manager Security Vulnerabilities and Issues — Endpoint Manager CVE List

Lucene search

IvantiEndpoint Manager

14 matches found

CVE•added 2024/09/12 2:15 a.m.•77 views

CVE-2024-37397

An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets.

8.2CVSS8.2AI score0.048EPSS

CVE•added 2024/07/29 6:15 a.m.•52 views

CVE-2024-37381

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code.

8.4CVSS8.6AI score0.00174EPSS

CVE•added 2023/07/21 9:15 p.m.•48 views

CVE-2023-35077

An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or above.

8.1CVSS8.2AI score0.01048EPSS

CVE•added 2024/11/12 4:15 p.m.•42 views

CVE-2024-50329

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.

8.8CVSS9AI score0.10551EPSS

CVE•added 2017/12/11 6:29 a.m.•38 views

CVE-2017-11463

In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in...

8.8CVSS8.5AI score0.01156EPSS

CVE•added 2024/09/10 9:15 p.m.•36 views

CVE-2024-8322

Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.

8.8CVSS4.6AI score0.00621EPSS

CVE•added 2020/11/16 4:15 p.m.•35 views

CVE-2020-13769

LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request.

8.8CVSS9AI score0.0584EPSS

CVE•added 2024/09/10 9:15 p.m.•35 views

CVE-2024-8321

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.

8.6CVSS7.4AI score0.00186EPSS

CVE•added 2024/05/31 6:15 p.m.•32 views

CVE-2024-29830

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.

8.4CVSS8.7AI score0.00137EPSS

CVE•added 2024/05/31 6:15 p.m.•31 views

CVE-2024-29828

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.

8.4CVSS8.7AI score0.00137EPSS

CVE•added 2024/05/31 6:15 p.m.•31 views

CVE-2024-29846

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.

8.4CVSS8.7AI score0.00137EPSS

CVE•added 2024/05/31 6:15 p.m.•29 views

CVE-2024-29829

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.

8.4CVSS8.7AI score0.00137EPSS

CVE•added 2025/07/08 3:15 p.m.•7 views

CVE-2025-6995

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.

8.4CVSS6.7AI score0.00027EPSS

CVE•added 2025/07/08 3:15 p.m.•7 views

CVE-2025-6996

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.

8.4CVSS6.7AI score0.00027EPSS