VYPR

Endpoint Manager Mobile

by Ivanti

CVEs (106)

  • CVE-2026-1340CriKEVJan 29, 2026
    risk 0.84cvss 9.8epss 0.84

    A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

  • CVE-2026-6973HigKEVMay 7, 2026
    risk 0.59cvss 7.2epss 0.34

    An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.

  • CVE-2026-5787HigMay 7, 2026
    risk 0.58cvss 8.9epss 0.01

    An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.

  • CVE-2026-5786HigMay 7, 2026
    risk 0.57cvss 8.8epss 0.01

    An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access.

  • CVE-2026-7821HigMay 7, 2026
    risk 0.48cvss 7.4epss 0.01

    Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance…

  • CVE-2026-10727HigJun 9, 2026
    risk 0.47cvss 7.2epss 0.02

    An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root

  • CVE-2026-5788HigMay 7, 2026
    risk 0.46cvss 7.0epss 0.01

    An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.

  • CVE-2023-35078KEVJul 25, 2023
    risk 0.26cvss epss 1.00

    An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.

  • CVE-2026-1281KEVJan 29, 2026
    risk 0.22cvss epss 0.81

    A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

  • CVE-2025-4427KEVMay 13, 2025
    risk 0.22cvss epss 1.00

    An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.

  • CVE-2024-13159KEVJan 14, 2025
    risk 0.20cvss epss 1.00

    Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

  • CVE-2024-13160KEVJan 14, 2025
    risk 0.20cvss epss 0.90

    Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

  • CVE-2024-13161KEVJan 14, 2025
    risk 0.19cvss epss 0.89

    Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

  • CVE-2025-4428KEVMay 13, 2025
    risk 0.18cvss epss 0.88

    Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.

  • CVE-2026-1603KEVFeb 10, 2026
    risk 0.17cvss epss 0.81

    An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.

  • CVE-2023-28324Jun 30, 2023
    risk 0.10cvss epss 0.12

    A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.

  • CVE-2024-50324Nov 12, 2024
    risk 0.07cvss epss 0.18

    Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-34781Nov 13, 2024
    risk 0.06cvss epss 0.68

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-50330Nov 12, 2024
    risk 0.06cvss epss 0.41

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution.

  • CVE-2024-50326Nov 12, 2024
    risk 0.06cvss epss 0.26

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Page 1 of 6