VYPR

Endpoint Manager Mobile

by Ivanti

CVEs (106)

  • CVE-2020-13773 (Nov 16, 2020)
    risk 0.00 | cvss | epss 0.01

    Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and…

  • CVE-2020-13769 (Nov 16, 2020)
    risk 0.00 | cvss | epss 0.03

    LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request.

  • CVE-2020-13772 (Nov 16, 2020)
    risk 0.00 | cvss | epss 0.02

    In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required.

  • CVE-2020-13774 (Nov 12, 2020)
    risk 0.00 | cvss | epss 0.05

    An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and…

  • CVE-2020-13770 (Nov 12, 2020)
    risk 0.00 | cvss | epss 0.00

    Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can be used to escalate privileges from a local standard or service…

  • CVE-2020-13771 (Nov 12, 2020)
    risk 0.00 | cvss | epss 0.01

    Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (and elevation of privileges to the level of privilege held by the vulnerable…
