VYPR

EPM

by Ivanti

CVEs (58)

  • CVE-2024-32840HigSep 12, 2024
    risk 0.49cvss 7.2epss 0.25

    An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2025-7037HigJul 8, 2025
    risk 0.47cvss 7.2epss 0.01

    SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database

  • CVE-2024-13158HigJan 14, 2025
    risk 0.47cvss 7.2epss 0.03

    An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-37376HigNov 13, 2024
    risk 0.47cvss 7.2epss 0.03

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-34784HigNov 13, 2024
    risk 0.47cvss 7.2epss 0.02

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-34782HigNov 13, 2024
    risk 0.47cvss 7.2epss 0.02

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-34780HigNov 13, 2024
    risk 0.47cvss 7.2epss 0.02

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-32847HigNov 13, 2024
    risk 0.47cvss 7.2epss 0.03

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-32844HigNov 13, 2024
    risk 0.47cvss 7.2epss 0.02

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-32841HigNov 13, 2024
    risk 0.47cvss 7.2epss 0.03

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-32839HigNov 13, 2024
    risk 0.47cvss 7.2epss 0.03

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-32846HigSep 12, 2024
    risk 0.47cvss 7.2epss 0.02

    An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-32843HigSep 12, 2024
    risk 0.47cvss 7.2epss 0.02

    An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-32842HigSep 12, 2024
    risk 0.47cvss 7.2epss 0.02

    An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

  • CVE-2024-8441MedSep 10, 2024
    risk 0.44cvss 6.7epss 0.00

    An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.

  • CVE-2024-8321MedSep 10, 2024
    risk 0.38cvss 5.8epss 0.02

    Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.

  • CVE-2024-8320MedSep 10, 2024
    risk 0.35cvss 5.3epss 0.01

    Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.

  • CVE-2024-8322MedSep 10, 2024
    risk 0.28cvss 4.3epss 0.01

    Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.

Page 3 of 3