VYPR

Endpoint Manager Mobile

by Ivanti

CVEs (106)

  • CVE-2024-13168Jan 14, 2025
    risk 0.00cvss epss 0.02

    An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-13169Jan 14, 2025
    risk 0.00cvss epss 0.00

    An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.

  • CVE-2024-13170Jan 14, 2025
    risk 0.00cvss epss 0.02

    An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-13172Jan 14, 2025
    risk 0.00cvss epss 0.01

    Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

  • CVE-2024-10811Jan 14, 2025
    risk 0.00cvss epss 0.03

    Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

  • CVE-2024-10256Dec 10, 2024
    risk 0.00cvss epss 0.00

    Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files.

  • CVE-2024-50323Nov 12, 2024
    risk 0.00cvss epss 0.01

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.

  • CVE-2024-7612Oct 8, 2024
    risk 0.00cvss epss 0.00

    Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components.

  • CVE-2024-8441Sep 10, 2024
    risk 0.00cvss epss 0.00

    An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.

  • CVE-2024-8322Sep 10, 2024
    risk 0.00cvss epss 0.01

    Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.

  • CVE-2024-8321Sep 10, 2024
    risk 0.00cvss epss 0.02

    Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.

  • CVE-2024-8320Sep 10, 2024
    risk 0.00cvss epss 0.01

    Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.

  • CVE-2024-29822May 31, 2024
    risk 0.00cvss epss 0.64

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

  • CVE-2023-39336Jan 9, 2024
    risk 0.00cvss epss 0.10

    An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this…

  • CVE-2023-35083Oct 18, 2023
    risk 0.00cvss epss 0.01

    Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information.

  • CVE-2023-35084Oct 18, 2023
    risk 0.00cvss epss 0.03

    Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely.

  • CVE-2023-38344Sep 21, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths,…

  • CVE-2023-38343Sep 21, 2023
    risk 0.00cvss epss 0.01

    An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side…

  • CVE-2023-35077Jul 21, 2023
    risk 0.00cvss epss 0.01

    An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or above.

  • CVE-2022-35259Dec 5, 2022
    risk 0.00cvss epss 0.01

    XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges.

Page 5 of 6