VYPR

Endpoint Manager Mobile

by Ivanti

CVEs (106)

  • CVE-2024-13162Jan 14, 2025
    risk 0.05cvss epss 0.64

    SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848.

  • CVE-2024-13163Jan 14, 2025
    risk 0.03cvss epss 0.09

    Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

  • CVE-2024-13171Jan 14, 2025
    risk 0.03cvss epss 0.18

    Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

  • CVE-2024-8191Sep 10, 2024
    risk 0.03cvss epss 0.20

    SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.

  • CVE-2025-6771Jul 8, 2025
    risk 0.02cvss epss 0.15

    OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution

  • CVE-2024-13158Jan 14, 2025
    risk 0.02cvss epss 0.03

    An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-50329Nov 12, 2024
    risk 0.02cvss epss 0.02

    Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.

  • CVE-2024-50328Nov 12, 2024
    risk 0.02cvss epss 0.02

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2019-10651Jul 11, 2019
    risk 0.02cvss epss 0.04

    An issue was discovered in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x before 2018.3 SU3, with remote code execution. In other words, the issue affects 2017.3, 2018.1, and 2018.3 installations that lack the April 2019 update.

  • CVE-2025-10985Oct 14, 2025
    risk 0.01cvss epss 0.21

    OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2025-10243Oct 14, 2025
    risk 0.01cvss epss 0.21

    OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2025-10242Oct 14, 2025
    risk 0.01cvss epss 0.21

    OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2025-6770Jul 8, 2025
    risk 0.01cvss epss 0.12

    OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution

  • CVE-2024-34784Nov 13, 2024
    risk 0.01cvss epss 0.02

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-34780Nov 13, 2024
    risk 0.01cvss epss 0.02

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-32839Nov 13, 2024
    risk 0.01cvss epss 0.03

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-32844Nov 13, 2024
    risk 0.01cvss epss 0.02

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-34787Nov 13, 2024
    risk 0.01cvss epss 0.18

    Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.

  • CVE-2024-32847Nov 13, 2024
    risk 0.01cvss epss 0.03

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-32841Nov 13, 2024
    risk 0.01cvss epss 0.03

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Page 2 of 6