Filtered by vendor Ivanti
Subscriptions
Filtered by product Endpoint Manager
Subscriptions
Total
90 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29824 | 1 Ivanti | 1 Endpoint Manager | 2025-07-30 | 8.8 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | ||||
| CVE-2024-13161 | 1 Ivanti | 1 Endpoint Manager | 2025-07-30 | 9.8 Critical |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | ||||
| CVE-2024-13160 | 1 Ivanti | 1 Endpoint Manager | 2025-07-30 | 9.8 Critical |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | ||||
| CVE-2024-13159 | 1 Ivanti | 1 Endpoint Manager | 2025-07-30 | 9.8 Critical |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | ||||
| CVE-2025-6995 | 1 Ivanti | 1 Endpoint Manager | 2025-07-13 | 8.4 High |
| Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords. | ||||
| CVE-2025-6996 | 1 Ivanti | 1 Endpoint Manager | 2025-07-13 | 8.4 High |
| Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords. | ||||
| CVE-2024-13172 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | 7.8 High |
| Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | ||||
| CVE-2024-13171 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | 7.8 High |
| Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | ||||
| CVE-2024-13170 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | 7.5 High |
| An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | ||||
| CVE-2024-13169 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | 7.8 High |
| An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2024-13168 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | 7.5 High |
| An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | ||||
| CVE-2024-13164 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | 7.8 High |
| An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2024-13163 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | 7.8 High |
| Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | ||||
| CVE-2024-13165 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | 7.5 High |
| An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | ||||
| CVE-2024-13166 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | 7.5 High |
| An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | ||||
| CVE-2024-13167 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | 7.5 High |
| An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | ||||
| CVE-2024-13162 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | 7.2 High |
| SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848. | ||||
| CVE-2025-7037 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database | ||||
| CVE-2024-37397 | 1 Ivanti | 1 Endpoint Manager | 2025-07-10 | 8.2 High |
| An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets. | ||||
| CVE-2024-37381 | 1 Ivanti | 1 Endpoint Manager | 2025-07-10 | 8.0 High |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code. | ||||