VYPR

EPM

by Ivanti

CVEs (48)

  • CVE-2024-29824KEVMay 31, 2024
    Ivanti
    EPM
    risk 0.23cvss epss 0.94

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

  • CVE-2024-13159KEVJan 14, 2025
    Ivanti
    Endpoint Manager Mobile
    risk 0.20cvss epss 0.94

    Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

  • CVE-2024-13160KEVJan 14, 2025
    Ivanti
    Endpoint Manager Mobile
    risk 0.20cvss epss 0.94

    Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

  • CVE-2024-13161KEVJan 14, 2025
    Ivanti
    Endpoint Manager Mobile
    risk 0.19cvss epss 0.91

    Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

  • CVE-2024-29847Sep 12, 2024
    Ivanti
    EPM
    risk 0.06cvss epss 0.70

    Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.

  • CVE-2024-34781Nov 13, 2024
    Ivanti
    Endpoint Manager Mobile
    risk 0.05cvss epss 0.64

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-13162Jan 14, 2025
    Ivanti
    Endpoint Manager Mobile
    risk 0.04cvss epss 0.44

    SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848.

  • CVE-2024-34783Sep 12, 2024
    Ivanti
    EPM
    risk 0.04cvss epss 0.56

    An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-32848Sep 12, 2024
    Ivanti
    EPM
    risk 0.04cvss epss 0.56

    An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-32840Sep 12, 2024
    Ivanti
    EPM
    risk 0.03cvss epss 0.38

    An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-34779Sep 12, 2024
    Ivanti
    EPM
    risk 0.03cvss epss 0.38

    An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-34785Sep 12, 2024
    Ivanti
    EPM
    risk 0.03cvss epss 0.38

    An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-32845Sep 12, 2024
    Ivanti
    EPM
    risk 0.03cvss epss 0.38

    An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-13163Jan 14, 2025
    Ivanti
    Endpoint Manager Mobile
    risk 0.02cvss epss 0.26

    Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

  • CVE-2024-13171Jan 14, 2025
    Ivanti
    Endpoint Manager Mobile
    risk 0.02cvss epss 0.30

    Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

  • CVE-2024-13158Jan 14, 2025
    Ivanti
    Endpoint Manager Mobile
    risk 0.02cvss epss 0.24

    An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-32839Nov 13, 2024
    Ivanti
    Endpoint Manager Mobile
    risk 0.01cvss epss 0.09

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-34787Nov 13, 2024
    Ivanti
    Endpoint Manager Mobile
    risk 0.01cvss epss 0.09

    Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.

  • CVE-2024-32847Nov 13, 2024
    Ivanti
    Endpoint Manager Mobile
    risk 0.01cvss epss 0.11

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-32841Nov 13, 2024
    Ivanti
    Endpoint Manager Mobile
    risk 0.01cvss epss 0.09

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Page 1 of 3