Filtered by vendor Ivanti
Subscriptions
Filtered by product Endpoint Manager
Subscriptions
Total
116 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29822 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.8 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2023-38344 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a remote system, including the private key used to authenticate to agents for remote access. | ||||
| CVE-2023-38343 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 7.5 High |
| An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery. | ||||
| CVE-2023-35084 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 9.8 Critical |
| Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely. | ||||
| CVE-2023-35083 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 6.5 Medium |
| Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information. | ||||
| CVE-2023-35077 | 2 Ivanti, Microsoft | 2 Endpoint Manager, Windows | 2024-11-21 | 7.5 High |
| An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or above. | ||||
| CVE-2023-28324 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.2 High |
| A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. | ||||
| CVE-2020-13774 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 9.9 Critical |
| An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations on the uploaded image, which upon failure will leave the temporarily created files in an accessible location on the server. | ||||
| CVE-2020-13773 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 5.4 Medium |
| Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/query_browsecomp.aspx. | ||||
| CVE-2020-13772 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 5.3 Medium |
| In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required. | ||||
| CVE-2020-13771 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 7.8 High |
| Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (and elevation of privileges to the level of privilege held by the vulnerable component such as NT AUTHORITY\SYSTEM) via DLL hijacking. This affects ldiscn32.exe, IpmiRedirectionService.exe, LDAPWhoAmI.exe, and ldprofile.exe. | ||||
| CVE-2020-13770 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 7.8 High |
| Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can be used to escalate privileges from a local standard or service account having SeImpersonatePrivilege (eg. user ‘NT AUTHORITY\NETWORK SERVICE’). | ||||
| CVE-2020-13769 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.8 High |
| LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request. | ||||
| CVE-2019-10651 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A |
| An issue was discovered in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x before 2018.3 SU3, with remote code execution. In other words, the issue affects 2017.3, 2018.1, and 2018.3 installations that lack the April 2019 update. | ||||
| CVE-2024-50329 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 8.8 High |
| Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. | ||||
| CVE-2024-50324 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 7.2 High |
| Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-50323 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 7.8 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | ||||
| CVE-2024-50326 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-50328 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-50327 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||