EPM
by Ivanti
CVEs (58)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-13162 | Hig | 0.52 | 7.2 | 0.64 | Jan 14, 2025 | SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848. | ||
| CVE-2024-34787 | Hig | 0.52 | 7.8 | 0.18 | Nov 13, 2024 | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | ||
| CVE-2024-34781 | Hig | 0.52 | 7.2 | 0.68 | Nov 13, 2024 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||
| CVE-2024-8191 | Hig | 0.52 | 7.8 | 0.20 | Sep 10, 2024 | SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | ||
| CVE-2024-37381 | Hig | 0.52 | 8.0 | 0.03 | Jul 29, 2024 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code. | ||
| CVE-2024-13172 | Hig | 0.51 | 7.8 | 0.01 | Jan 14, 2025 | Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | ||
| CVE-2024-13169 | Hig | 0.51 | 7.8 | 0.00 | Jan 14, 2025 | An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. | ||
| CVE-2024-13164 | Hig | 0.51 | 7.8 | 0.00 | Jan 14, 2025 | An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. | ||
| CVE-2024-13163 | Hig | 0.51 | 7.8 | 0.09 | Jan 14, 2025 | Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | ||
| CVE-2024-22058 | Hig | 0.51 | 7.8 | 0.00 | May 31, 2024 | A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older. | ||
| CVE-2024-34783 | Hig | 0.50 | 7.2 | 0.43 | Sep 12, 2024 | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||
| CVE-2024-32848 | Hig | 0.50 | 7.2 | 0.43 | Sep 12, 2024 | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||
| CVE-2024-13170 | Hig | 0.49 | 7.5 | 0.02 | Jan 14, 2025 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | ||
| CVE-2024-13168 | Hig | 0.49 | 7.5 | 0.02 | Jan 14, 2025 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | ||
| CVE-2024-13167 | Hig | 0.49 | 7.5 | 0.02 | Jan 14, 2025 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | ||
| CVE-2024-13166 | Hig | 0.49 | 7.5 | 0.02 | Jan 14, 2025 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | ||
| CVE-2024-13165 | Hig | 0.49 | 7.5 | 0.02 | Jan 14, 2025 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | ||
| CVE-2024-34785 | Hig | 0.49 | 7.2 | 0.25 | Sep 12, 2024 | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||
| CVE-2024-34779 | Hig | 0.49 | 7.2 | 0.24 | Sep 12, 2024 | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||
| CVE-2024-32845 | Hig | 0.49 | 7.2 | 0.24 | Sep 12, 2024 | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
- risk 0.52cvss 7.2epss 0.64
SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848.
- risk 0.52cvss 7.8epss 0.18
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.
- risk 0.52cvss 7.2epss 0.68
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
- risk 0.52cvss 7.8epss 0.20
SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
- risk 0.52cvss 8.0epss 0.03
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code.
- risk 0.51cvss 7.8epss 0.01
Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
- risk 0.51cvss 7.8epss 0.00
An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.
- risk 0.51cvss 7.8epss 0.00
An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.
- risk 0.51cvss 7.8epss 0.09
Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
- risk 0.51cvss 7.8epss 0.00
A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older.
- risk 0.50cvss 7.2epss 0.43
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
- risk 0.50cvss 7.2epss 0.43
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
- risk 0.49cvss 7.5epss 0.02
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
- risk 0.49cvss 7.5epss 0.02
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
- risk 0.49cvss 7.5epss 0.02
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
- risk 0.49cvss 7.5epss 0.02
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
- risk 0.49cvss 7.5epss 0.02
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
- risk 0.49cvss 7.2epss 0.25
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
- risk 0.49cvss 7.2epss 0.24
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
- risk 0.49cvss 7.2epss 0.24
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Page 2 of 3