VYPR

EPM

by Ivanti

CVEs (58)

  • CVE-2024-13162HigJan 14, 2025
    risk 0.52cvss 7.2epss 0.64

    SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848.

  • CVE-2024-34787HigNov 13, 2024
    risk 0.52cvss 7.8epss 0.18

    Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.

  • CVE-2024-34781HigNov 13, 2024
    risk 0.52cvss 7.2epss 0.68

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-8191HigSep 10, 2024
    risk 0.52cvss 7.8epss 0.20

    SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.

  • CVE-2024-37381HigJul 29, 2024
    risk 0.52cvss 8.0epss 0.03

    An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code.

  • CVE-2024-13172HigJan 14, 2025
    risk 0.51cvss 7.8epss 0.01

    Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

  • CVE-2024-13169HigJan 14, 2025
    risk 0.51cvss 7.8epss 0.00

    An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.

  • CVE-2024-13164HigJan 14, 2025
    risk 0.51cvss 7.8epss 0.00

    An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.

  • CVE-2024-13163HigJan 14, 2025
    risk 0.51cvss 7.8epss 0.09

    Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

  • CVE-2024-22058HigMay 31, 2024
    risk 0.51cvss 7.8epss 0.00

    A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older.

  • CVE-2024-34783HigSep 12, 2024
    risk 0.50cvss 7.2epss 0.43

    An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-32848HigSep 12, 2024
    risk 0.50cvss 7.2epss 0.43

    An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-13170HigJan 14, 2025
    risk 0.49cvss 7.5epss 0.02

    An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-13168HigJan 14, 2025
    risk 0.49cvss 7.5epss 0.02

    An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-13167HigJan 14, 2025
    risk 0.49cvss 7.5epss 0.02

    An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-13166HigJan 14, 2025
    risk 0.49cvss 7.5epss 0.02

    An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-13165HigJan 14, 2025
    risk 0.49cvss 7.5epss 0.02

    An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-34785HigSep 12, 2024
    risk 0.49cvss 7.2epss 0.25

    An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-34779HigSep 12, 2024
    risk 0.49cvss 7.2epss 0.24

    An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-32845HigSep 12, 2024
    risk 0.49cvss 7.2epss 0.24

    An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.