Filtered by vendor Ivanti
Subscriptions
Filtered by product Endpoint Manager
Subscriptions
Total
36 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-29847 | 1 Ivanti | 1 Endpoint Manager | 2024-09-17 | 9.8 Critical |
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | ||||
CVE-2024-37397 | 1 Ivanti | 1 Endpoint Manager | 2024-09-13 | 8.2 High |
An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets. | ||||
CVE-2023-35084 | 1 Ivanti | 1 Endpoint Manager | 2024-09-13 | 9.8 Critical |
Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely. | ||||
CVE-2023-35083 | 1 Ivanti | 1 Endpoint Manager | 2024-09-13 | 6.5 Medium |
Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information. | ||||
CVE-2024-34785 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
CVE-2024-34783 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
CVE-2024-34779 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
CVE-2024-32848 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
CVE-2024-32846 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
CVE-2024-32845 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
CVE-2024-32843 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
CVE-2024-32842 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
CVE-2024-32840 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
CVE-2024-8322 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 4.3 Medium |
Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality. | ||||
CVE-2024-8441 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 6.7 Medium |
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM. | ||||
CVE-2024-8321 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 5.8 Medium |
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network. | ||||
CVE-2024-8320 | 1 Ivanti | 2 Automation, Endpoint Manager | 2024-09-12 | 5.3 Medium |
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices. | ||||
CVE-2024-8191 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.8 High |
SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | ||||
CVE-2017-11463 | 1 Ivanti | 1 Endpoint Manager | 2024-08-05 | N/A |
In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc. | ||||
CVE-2019-10651 | 1 Ivanti | 1 Endpoint Manager | 2024-08-04 | N/A |
An issue was discovered in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x before 2018.3 SU3, with remote code execution. In other words, the issue affects 2017.3, 2018.1, and 2018.3 installations that lack the April 2019 update. |