VYPR

EPM

by Ivanti

CVEs (58)

  • CVE-2024-13159CriKEVJan 14, 2025
    risk 0.84cvss 9.8epss 1.00

    Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

  • CVE-2024-13161CriKEVJan 14, 2025
    risk 0.83cvss 9.8epss 0.89

    Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

  • CVE-2024-13160CriKEVJan 14, 2025
    risk 0.83cvss 9.8epss 0.90

    Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

  • CVE-2024-29824HigKEVMay 31, 2024
    risk 0.80cvss 8.8epss 1.00

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

  • CVE-2024-29847CriSep 12, 2024
    risk 0.68cvss 9.8epss 0.53

    Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.

  • CVE-2024-29826HigMay 31, 2024
    risk 0.65cvss 8.8epss 1.00

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

  • CVE-2024-29825HigMay 31, 2024
    risk 0.65cvss 8.8epss 1.00

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

  • CVE-2024-29823HigMay 31, 2024
    risk 0.65cvss 8.8epss 1.00

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

  • CVE-2024-10811CriJan 14, 2025
    risk 0.64cvss 9.8epss 0.03

    Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

  • CVE-2023-28323CriJul 1, 2023
    risk 0.64cvss 9.8epss 0.03

    A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine…

  • CVE-2022-27773CriDec 5, 2022
    risk 0.64cvss 9.8epss 0.03

    A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges.

  • CVE-2024-29827HigMay 31, 2024
    risk 0.63cvss 8.8epss 0.72

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

  • CVE-2024-29822HigMay 31, 2024
    risk 0.62cvss 8.8epss 0.64

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

  • CVE-2025-9712HigSep 9, 2025
    risk 0.59cvss 8.8epss 0.20

    Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.

  • CVE-2024-37397HigSep 12, 2024
    risk 0.58cvss 8.2epss 0.59

    An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets.

  • CVE-2024-29846HigMay 31, 2024
    risk 0.53cvss 8.0epss 0.08

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.

  • CVE-2024-29830HigMay 31, 2024
    risk 0.53cvss 8.0epss 0.08

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.

  • CVE-2024-29829HigMay 31, 2024
    risk 0.53cvss 8.0epss 0.08

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.

  • CVE-2024-29828HigMay 31, 2024
    risk 0.53cvss 8.0epss 0.08

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.

  • CVE-2024-13171HigJan 14, 2025
    risk 0.52cvss 7.8epss 0.18

    Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

Page 1 of 3