Ivanti Endpoint Manager 2022 Service Updates 5
Approved changes feed: RSS · Atom
cpe:2.3:a:ivanti:endpoint_manager:2022:su5:*:*:*:*:*:*
part: a version: 2022 update: su5
| Vendor | Ivanti (40b984ad-e54c-5e1b-9aa1-2a4cd4d61129) |
|---|---|
| Product | Endpoint Manager (006063b4-e9bc-5f0c-b4e5-d80a079df021) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-9872 |
vulnerable | 2026-06-03 15:14:39.992896 |
Details available
HIGH (8.8)
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
Published: 2025-09-09T15:11:13.957Z
Updated: 2026-02-26T17:49:04.223Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9712 |
vulnerable | 2026-06-03 15:14:39.372907 |
Details available
HIGH (8.8)
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
Published: 2025-09-09T15:09:05.375Z
Updated: 2026-02-26T17:49:04.952Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-7037 |
vulnerable | 2026-06-03 15:12:30.383895 |
SQL injection in Ivanti Endpoint Manager
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database
Published: 2025-07-08T14:54:42.789Z
Updated: 2025-07-08T15:07:12.721Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-6996 |
vulnerable | 2026-06-03 15:12:29.518768 |
Improper Encryption in Ivanti Endpoint Manager
HIGH (8.4)
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.
Published: 2025-07-08T14:51:04.446Z
Updated: 2025-07-08T15:14:08.808Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-6995 |
vulnerable | 2026-06-03 15:12:29.512663 |
Improper Encryption in Ivanti Endpoint Manager
HIGH (8.4)
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.
Published: 2025-07-08T14:45:44.989Z
Updated: 2025-07-08T15:54:49.209Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22466 |
vulnerable | 2026-06-03 14:59:40.030021 |
Details available
HIGH (8.2)
Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
Published: 2025-04-08T14:27:55.834Z
Updated: 2025-04-08T14:46:25.244Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22465 |
vulnerable | 2026-06-03 14:59:40.029156 |
Details available
MEDIUM (6.1)
Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to execute arbitrary javascript in a victim's browser. Unlikely user interaction is required.
Published: 2025-04-08T14:27:27.199Z
Updated: 2025-04-08T14:52:54.418Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22464 |
vulnerable | 2026-06-03 14:59:40.028557 |
Details available
MEDIUM (6.1)
An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition.
Published: 2025-04-08T14:27:03.158Z
Updated: 2025-04-08T15:04:45.498Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22461 |
vulnerable | 2026-06-03 14:59:40.017564 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution.
Published: 2025-04-08T14:26:23.423Z
Updated: 2026-02-26T18:28:39.350Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22459 |
vulnerable | 2026-06-03 14:59:40.012383 |
Details available
MEDIUM (4.8)
Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers.
Published: 2025-04-08T14:25:57.827Z
Updated: 2025-04-08T15:37:26.132Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22458 |
vulnerable | 2026-06-03 14:59:40.009844 |
Details available
HIGH (7.8)
DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.
Published: 2025-04-08T14:25:42.603Z
Updated: 2026-02-26T18:28:39.769Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8441 |
vulnerable | 2026-06-03 14:58:18.456972 |
Details available
MEDIUM (6.7)
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.
Published: 2024-09-10T21:01:09.475Z
Updated: 2024-09-12T03:55:23.682Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8322 |
vulnerable | 2026-06-03 14:58:18.136352 |
Details available
MEDIUM (4.3)
Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.
Published: 2024-09-10T20:59:40.339Z
Updated: 2024-09-11T13:50:36.958Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8321 |
vulnerable | 2026-06-03 14:58:18.135211 |
Details available
MEDIUM (5.8)
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.
Published: 2024-09-10T20:54:02.772Z
Updated: 2024-09-11T15:20:28.646Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8320 |
vulnerable | 2026-06-03 14:58:18.134249 |
Details available
MEDIUM (5.3)
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.
Published: 2024-09-10T20:52:31.146Z
Updated: 2024-09-11T15:19:03.245Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8191 |
vulnerable | 2026-06-03 14:58:17.385091 |
Details available
HIGH (7.8)
SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
Published: 2024-09-10T20:50:24.547Z
Updated: 2024-09-12T03:55:08.946Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50330 |
vulnerable | 2026-06-03 14:57:23.987786 |
Details available
CRITICAL (9.8)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution.
Published: 2024-11-12T15:42:20.786Z
Updated: 2024-11-19T04:56:10.026Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50329 |
vulnerable | 2026-06-03 14:57:23.987175 |
Details available
HIGH (8.8)
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
Published: 2024-11-12T15:41:54.415Z
Updated: 2024-11-19T04:56:08.860Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50328 |
vulnerable | 2026-06-03 14:57:23.986600 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-12T15:41:17.871Z
Updated: 2024-11-19T04:55:58.542Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50327 |
vulnerable | 2026-06-03 14:57:23.985960 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-12T15:40:38.609Z
Updated: 2024-11-19T04:55:54.842Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50326 |
vulnerable | 2026-06-03 14:57:23.984834 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-12T15:40:06.902Z
Updated: 2024-11-19T04:56:00.999Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50324 |
vulnerable | 2026-06-03 14:57:23.984179 |
Details available
HIGH (7.2)
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-12T15:37:52.162Z
Updated: 2024-11-19T04:56:07.498Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50323 |
vulnerable | 2026-06-03 14:57:23.983535 |
Details available
HIGH (7.8)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.
Published: 2024-11-12T15:37:08.015Z
Updated: 2024-11-19T04:56:06.281Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50322 |
vulnerable | 2026-06-03 14:57:23.982025 |
Details available
HIGH (7.8)
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.
Published: 2024-11-12T15:36:09.760Z
Updated: 2024-11-19T04:55:49.893Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37397 |
vulnerable | 2026-06-03 14:56:06.481045 |
Details available
HIGH (8.2)
An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets.
Published: 2024-09-12T01:09:56.254Z
Updated: 2024-09-13T15:48:43.529Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37376 |
vulnerable | 2026-06-03 14:56:06.422798 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.383Z
Updated: 2024-11-19T04:55:56.052Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34787 |
vulnerable | 2026-06-03 14:55:55.282137 |
Details available
HIGH (7.8)
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.
Published: 2024-11-13T01:54:45.416Z
Updated: 2024-11-19T04:55:48.661Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34785 |
vulnerable | 2026-06-03 14:55:55.272530 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.248Z
Updated: 2024-09-12T21:16:44.057Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34784 |
vulnerable | 2026-06-03 14:55:55.271918 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.555Z
Updated: 2024-11-19T04:56:05.016Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34783 |
vulnerable | 2026-06-03 14:55:55.271381 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.337Z
Updated: 2024-09-12T21:19:26.664Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34782 |
vulnerable | 2026-06-03 14:55:55.270852 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.386Z
Updated: 2024-11-19T04:55:59.747Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34781 |
vulnerable | 2026-06-03 14:55:55.270411 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.516Z
Updated: 2024-11-19T04:55:57.271Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34780 |
vulnerable | 2026-06-03 14:55:55.269869 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.552Z
Updated: 2024-11-19T04:55:52.429Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34779 |
vulnerable | 2026-06-03 14:55:55.269194 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.258Z
Updated: 2024-09-12T21:18:18.550Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32848 |
vulnerable | 2026-06-03 14:55:48.187661 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.249Z
Updated: 2024-09-12T21:18:06.645Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32847 |
vulnerable | 2026-06-03 14:55:48.186935 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.408Z
Updated: 2024-11-19T04:56:03.781Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32846 |
vulnerable | 2026-06-03 14:55:48.186274 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.175Z
Updated: 2024-09-12T21:15:08.269Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32845 |
vulnerable | 2026-06-03 14:55:48.185497 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.175Z
Updated: 2024-09-12T21:14:44.010Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32844 |
vulnerable | 2026-06-03 14:55:48.184977 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.443Z
Updated: 2024-11-19T04:56:02.536Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32843 |
vulnerable | 2026-06-03 14:55:48.184495 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.230Z
Updated: 2024-09-12T21:16:22.723Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32842 |
vulnerable | 2026-06-03 14:55:48.183945 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.173Z
Updated: 2024-09-12T21:13:06.489Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32841 |
vulnerable | 2026-06-03 14:55:48.183290 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.386Z
Updated: 2024-11-19T04:55:51.227Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32840 |
vulnerable | 2026-06-03 14:55:48.182791 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.338Z
Updated: 2024-09-12T21:20:02.605Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32839 |
vulnerable | 2026-06-03 14:55:48.181406 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.475Z
Updated: 2024-11-19T04:55:53.626Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29847 |
vulnerable | 2026-06-03 14:55:27.540531 |
Details available
CRITICAL (10)
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
Published: 2024-09-12T01:09:56.277Z
Updated: 2024-09-17T03:55:12.223Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29846 |
vulnerable | 2026-06-03 14:55:27.540028 |
Details available
HIGH (8.4)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
Published: 2024-05-31T17:38:31.371Z
Updated: 2024-08-02T01:17:58.190Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29830 |
vulnerable | 2026-06-03 14:55:27.520219 |
Details available
HIGH (8.4)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
Published: 2024-05-31T17:38:31.352Z
Updated: 2024-08-02T01:17:57.943Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29829 |
vulnerable | 2026-06-03 14:55:27.519628 |
Details available
HIGH (8.4)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
Published: 2024-05-31T17:38:31.379Z
Updated: 2024-08-02T01:17:58.030Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29828 |
vulnerable | 2026-06-03 14:55:27.519025 |
Details available
HIGH (8.4)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
Published: 2024-05-31T17:38:31.394Z
Updated: 2024-08-02T01:17:57.504Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29827 |
vulnerable | 2026-06-03 14:55:27.518307 |
Details available
CRITICAL (9.6)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
Published: 2024-05-31T17:38:31.405Z
Updated: 2024-08-02T01:17:57.542Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29826 |
vulnerable | 2026-06-03 14:55:27.517617 |
Details available
CRITICAL (9.6)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
Published: 2024-05-31T17:38:31.399Z
Updated: 2024-08-02T01:17:58.045Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29825 |
vulnerable | 2026-06-03 14:55:27.517023 |
Details available
CRITICAL (9.6)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
Published: 2024-05-31T17:38:31.330Z
Updated: 2024-08-02T01:17:57.543Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29824 |
vulnerable | 2026-06-03 14:55:27.516537 |
Details available
CRITICAL (9.6)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
Published: 2024-05-31T17:38:31.331Z
Updated: 2025-10-21T23:05:16.909Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29823 |
vulnerable | 2026-06-03 14:55:27.515958 |
Details available
CRITICAL (9.6)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
Published: 2024-05-31T17:38:31.409Z
Updated: 2024-08-02T01:17:57.385Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29822 |
vulnerable | 2026-06-03 14:55:27.515012 |
Details available
CRITICAL (9.6)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
Published: 2024-05-31T17:38:31.401Z
Updated: 2024-08-02T01:17:58.027Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13172 |
vulnerable | 2026-06-03 14:54:23.850657 |
Details available
HIGH (7.8)
Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
Published: 2025-01-14T17:16:17.218Z
Updated: 2026-02-26T19:09:29.342Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13171 |
vulnerable | 2026-06-03 14:54:23.850204 |
Details available
HIGH (7.8)
Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
Published: 2025-01-14T17:16:48.419Z
Updated: 2026-02-26T19:09:29.018Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13170 |
vulnerable | 2026-06-03 14:54:23.849576 |
Details available
HIGH (7.5)
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
Published: 2025-01-14T17:17:50.470Z
Updated: 2025-01-16T21:17:15.067Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13169 |
vulnerable | 2026-06-03 14:54:23.848937 |
Details available
HIGH (7.8)
An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.
Published: 2025-01-14T17:18:28.069Z
Updated: 2026-02-26T19:09:28.733Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13168 |
vulnerable | 2026-06-03 14:54:23.842903 |
Details available
HIGH (7.5)
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
Published: 2025-01-14T17:19:00.787Z
Updated: 2025-01-16T21:18:56.082Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13167 |
vulnerable | 2026-06-03 14:54:23.842474 |
Details available
HIGH (7.5)
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
Published: 2025-01-14T17:19:43.062Z
Updated: 2025-01-16T21:19:20.404Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13166 |
vulnerable | 2026-06-03 14:54:23.841783 |
Details available
HIGH (7.5)
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
Published: 2025-01-14T17:20:19.876Z
Updated: 2025-01-15T15:20:00.615Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13165 |
vulnerable | 2026-06-03 14:54:23.841047 |
Details available
HIGH (7.5)
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
Published: 2025-01-14T17:22:15.933Z
Updated: 2025-01-15T15:19:52.577Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13164 |
vulnerable | 2026-06-03 14:54:23.840506 |
Details available
HIGH (7.8)
An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.
Published: 2025-01-14T17:22:49.382Z
Updated: 2026-02-26T19:09:28.454Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13163 |
vulnerable | 2026-06-03 14:54:23.839982 |
Details available
HIGH (7.8)
Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
Published: 2025-01-14T17:23:13.781Z
Updated: 2026-02-26T19:09:28.096Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13162 |
vulnerable | 2026-06-03 14:54:23.839458 |
Details available
HIGH (7.2)
SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848.
Published: 2025-01-14T17:23:48.256Z
Updated: 2026-02-26T19:09:27.921Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13161 |
vulnerable | 2026-06-03 14:54:23.838892 |
Details available
CRITICAL (9.8)
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Published: 2025-01-14T17:11:32.061Z
Updated: 2025-10-21T22:55:32.564Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13160 |
vulnerable | 2026-06-03 14:54:23.838339 |
Details available
CRITICAL (9.8)
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Published: 2025-01-14T17:12:23.237Z
Updated: 2025-10-21T22:55:32.382Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13159 |
vulnerable | 2026-06-03 14:54:23.835646 |
Details available
CRITICAL (9.8)
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Published: 2025-01-14T17:12:57.652Z
Updated: 2025-10-21T22:55:32.248Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13158 |
vulnerable | 2026-06-03 14:54:23.834225 |
Details available
HIGH (7.2)
An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2025-01-14T17:13:29.275Z
Updated: 2026-02-26T19:09:29.804Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10811 |
vulnerable | 2026-06-03 14:54:12.610005 |
Details available
CRITICAL (9.8)
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Published: 2025-01-14T16:59:32.982Z
Updated: 2026-02-26T19:09:29.972Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10256 |
vulnerable | 2026-06-03 14:54:05.204242 |
Details available
HIGH (7.1)
Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files.
Published: 2024-12-10T18:46:01.911Z
Updated: 2024-12-10T20:44:59.599Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.