Ivanti Endpoint Manager 2024
Approved changes feed: RSS · Atom
cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:*
part: a version: 2024 update: -
| Vendor | Ivanti (40b984ad-e54c-5e1b-9aa1-2a4cd4d61129) |
|---|---|
| Product | Endpoint Manager (006063b4-e9bc-5f0c-b4e5-d80a079df021) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-8111 |
vulnerable | 2026-06-03 15:27:57.653975 |
Details available
HIGH (8.8)
SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution.
Published: 2026-05-12T14:33:45.708Z
Updated: 2026-05-13T03:57:54.231Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-8110 |
vulnerable | 2026-06-03 15:27:57.652962 |
Details available
HIGH (7.8)
Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges.
Published: 2026-05-12T14:31:26.135Z
Updated: 2026-05-13T03:57:53.140Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-8109 |
vulnerable | 2026-06-03 15:27:57.644672 |
Details available
MEDIUM (6.5)
An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials.
Published: 2026-05-12T14:29:10.500Z
Updated: 2026-05-12T18:58:58.165Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-1603 |
vulnerable | 2026-06-03 15:14:44.732003 |
Details available
HIGH (8.6)
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.
Published: 2026-02-10T15:09:35.459Z
Updated: 2026-03-10T03:55:23.819Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-1602 |
vulnerable | 2026-06-03 15:14:44.724429 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2026-02-10T15:07:27.198Z
Updated: 2026-02-26T15:04:12.393Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9872 |
vulnerable | 2026-06-03 15:14:39.993279 |
Details available
HIGH (8.8)
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
Published: 2025-09-09T15:11:13.957Z
Updated: 2026-02-26T17:49:04.223Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9713 |
vulnerable | 2026-06-03 15:14:39.383607 |
Details available
HIGH (8.8)
Path traversal in Ivanti Endpoint Manager before version 2024 SU4 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
Published: 2025-10-13T21:08:13.112Z
Updated: 2026-02-26T17:47:44.122Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9712 |
vulnerable | 2026-06-03 15:14:39.381003 |
Details available
HIGH (8.8)
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
Published: 2025-09-09T15:09:05.375Z
Updated: 2026-02-26T17:49:04.952Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-7037 |
vulnerable | 2026-06-03 15:12:30.384143 |
SQL injection in Ivanti Endpoint Manager
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database
Published: 2025-07-08T14:54:42.789Z
Updated: 2025-07-08T15:07:12.721Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-6996 |
vulnerable | 2026-06-03 15:12:29.519027 |
Improper Encryption in Ivanti Endpoint Manager
HIGH (8.4)
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.
Published: 2025-07-08T14:51:04.446Z
Updated: 2025-07-08T15:14:08.808Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-6995 |
vulnerable | 2026-06-03 15:12:29.515625 |
Improper Encryption in Ivanti Endpoint Manager
HIGH (8.4)
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.
Published: 2025-07-08T14:45:44.989Z
Updated: 2025-07-08T15:54:49.209Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62392 |
vulnerable | 2026-06-03 15:07:58.712391 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2025-10-13T21:10:15.318Z
Updated: 2026-02-10T17:03:59.025Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62391 |
vulnerable | 2026-06-03 15:07:58.711715 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2025-10-13T21:12:22.188Z
Updated: 2026-02-10T17:07:35.039Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62390 |
vulnerable | 2026-06-03 15:07:58.711253 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2025-10-13T21:10:53.982Z
Updated: 2026-02-10T17:03:03.801Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62389 |
vulnerable | 2026-06-03 15:07:58.710607 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2025-10-13T21:11:18.043Z
Updated: 2026-02-10T17:04:40.319Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62388 |
vulnerable | 2026-06-03 15:07:58.709983 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2025-10-13T21:11:34.823Z
Updated: 2026-02-10T17:05:16.161Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62387 |
vulnerable | 2026-06-03 15:07:58.709448 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2025-10-13T21:11:52.712Z
Updated: 2026-02-10T17:06:13.734Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62386 |
vulnerable | 2026-06-03 15:07:58.708741 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2025-10-13T21:12:52.222Z
Updated: 2026-02-10T17:08:56.495Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62385 |
vulnerable | 2026-06-03 15:07:58.708057 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2025-10-13T21:12:08.724Z
Updated: 2026-02-10T17:06:52.469Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62384 |
vulnerable | 2026-06-03 15:07:58.707383 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2025-10-13T21:13:05.017Z
Updated: 2026-02-10T17:09:32.081Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62383 |
vulnerable | 2026-06-03 15:07:58.702588 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2025-10-13T21:12:38.655Z
Updated: 2026-02-10T17:08:17.427Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22466 |
vulnerable | 2026-06-03 14:59:40.030059 |
Details available
HIGH (8.2)
Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
Published: 2025-04-08T14:27:55.834Z
Updated: 2025-04-08T14:46:25.244Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22465 |
vulnerable | 2026-06-03 14:59:40.029195 |
Details available
MEDIUM (6.1)
Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to execute arbitrary javascript in a victim's browser. Unlikely user interaction is required.
Published: 2025-04-08T14:27:27.199Z
Updated: 2025-04-08T14:52:54.418Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22464 |
vulnerable | 2026-06-03 14:59:40.028678 |
Details available
MEDIUM (6.1)
An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition.
Published: 2025-04-08T14:27:03.158Z
Updated: 2025-04-08T15:04:45.498Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22461 |
vulnerable | 2026-06-03 14:59:40.017605 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution.
Published: 2025-04-08T14:26:23.423Z
Updated: 2026-02-26T18:28:39.350Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22459 |
vulnerable | 2026-06-03 14:59:40.012420 |
Details available
MEDIUM (4.8)
Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers.
Published: 2025-04-08T14:25:57.827Z
Updated: 2025-04-08T15:37:26.132Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22458 |
vulnerable | 2026-06-03 14:59:40.011556 |
Details available
HIGH (7.8)
DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.
Published: 2025-04-08T14:25:42.603Z
Updated: 2026-02-26T18:28:39.769Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-13662 |
vulnerable | 2026-06-03 14:58:46.654792 |
Details available
HIGH (7.8)
Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required.
Published: 2025-12-09T16:05:31.059Z
Updated: 2026-02-26T16:57:03.979Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-13661 |
vulnerable | 2026-06-03 14:58:46.654129 |
Details available
HIGH (7.1)
Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required.
Published: 2025-12-09T16:01:18.193Z
Updated: 2026-02-26T16:57:04.977Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-13659 |
vulnerable | 2026-06-03 14:58:46.649928 |
Details available
HIGH (8.8)
Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.
Published: 2025-12-09T15:59:18.340Z
Updated: 2026-02-26T16:57:05.566Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-11623 |
vulnerable | 2026-06-03 14:58:42.791132 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2025-10-13T21:09:07.731Z
Updated: 2026-02-10T17:03:35.043Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-11622 |
vulnerable | 2026-06-03 14:58:42.788177 |
Details available
HIGH (7.8)
Insecure deserialization in Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to escalate their privileges.
Published: 2025-10-13T21:07:50.065Z
Updated: 2026-02-26T17:47:44.396Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-10918 |
vulnerable | 2026-06-03 14:58:35.093705 |
Details available
HIGH (7.1)
Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk
Published: 2025-11-11T15:31:54.062Z
Updated: 2025-11-12T20:02:59.040Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-10573 |
vulnerable | 2026-06-03 14:58:34.347842 |
Details available
CRITICAL (9.6)
Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.
Published: 2025-12-09T15:55:23.422Z
Updated: 2026-02-26T16:57:06.042Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8441 |
vulnerable | 2026-06-03 14:58:18.456991 |
Details available
MEDIUM (6.7)
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.
Published: 2024-09-10T21:01:09.475Z
Updated: 2024-09-12T03:55:23.682Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8322 |
vulnerable | 2026-06-03 14:58:18.136461 |
Details available
MEDIUM (4.3)
Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.
Published: 2024-09-10T20:59:40.339Z
Updated: 2024-09-11T13:50:36.958Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8321 |
vulnerable | 2026-06-03 14:58:18.135229 |
Details available
MEDIUM (5.8)
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.
Published: 2024-09-10T20:54:02.772Z
Updated: 2024-09-11T15:20:28.646Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8320 |
vulnerable | 2026-06-03 14:58:18.134347 |
Details available
MEDIUM (5.3)
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.
Published: 2024-09-10T20:52:31.146Z
Updated: 2024-09-11T15:19:03.245Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8191 |
vulnerable | 2026-06-03 14:58:17.385722 |
Details available
HIGH (7.8)
SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
Published: 2024-09-10T20:50:24.547Z
Updated: 2024-09-12T03:55:08.946Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50330 |
vulnerable | 2026-06-03 14:57:23.987802 |
Details available
CRITICAL (9.8)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution.
Published: 2024-11-12T15:42:20.786Z
Updated: 2024-11-19T04:56:10.026Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50329 |
vulnerable | 2026-06-03 14:57:23.987193 |
Details available
HIGH (8.8)
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
Published: 2024-11-12T15:41:54.415Z
Updated: 2024-11-19T04:56:08.860Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50328 |
vulnerable | 2026-06-03 14:57:23.986619 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-12T15:41:17.871Z
Updated: 2024-11-19T04:55:58.542Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50327 |
vulnerable | 2026-06-03 14:57:23.985976 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-12T15:40:38.609Z
Updated: 2024-11-19T04:55:54.842Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50326 |
vulnerable | 2026-06-03 14:57:23.984930 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-12T15:40:06.902Z
Updated: 2024-11-19T04:56:00.999Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50324 |
vulnerable | 2026-06-03 14:57:23.984196 |
Details available
HIGH (7.2)
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-12T15:37:52.162Z
Updated: 2024-11-19T04:56:07.498Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50323 |
vulnerable | 2026-06-03 14:57:23.983553 |
Details available
HIGH (7.8)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.
Published: 2024-11-12T15:37:08.015Z
Updated: 2024-11-19T04:56:06.281Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50322 |
vulnerable | 2026-06-03 14:57:23.982678 |
Details available
HIGH (7.8)
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.
Published: 2024-11-12T15:36:09.760Z
Updated: 2024-11-19T04:55:49.893Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37381 |
vulnerable | 2026-06-03 14:56:06.438416 |
Details available
HIGH (8.4)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code.
Published: 2024-07-29T05:43:16.144Z
Updated: 2024-08-02T03:50:55.937Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37376 |
vulnerable | 2026-06-03 14:56:06.423389 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.383Z
Updated: 2024-11-19T04:55:56.052Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34787 |
vulnerable | 2026-06-03 14:55:55.282159 |
Details available
HIGH (7.8)
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.
Published: 2024-11-13T01:54:45.416Z
Updated: 2024-11-19T04:55:48.661Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34785 |
vulnerable | 2026-06-03 14:55:55.272547 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.248Z
Updated: 2024-09-12T21:16:44.057Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34784 |
vulnerable | 2026-06-03 14:55:55.271935 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.555Z
Updated: 2024-11-19T04:56:05.016Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34783 |
vulnerable | 2026-06-03 14:55:55.271398 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.337Z
Updated: 2024-09-12T21:19:26.664Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34782 |
vulnerable | 2026-06-03 14:55:55.270868 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.386Z
Updated: 2024-11-19T04:55:59.747Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34781 |
vulnerable | 2026-06-03 14:55:55.270429 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.516Z
Updated: 2024-11-19T04:55:57.271Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34780 |
vulnerable | 2026-06-03 14:55:55.269886 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.552Z
Updated: 2024-11-19T04:55:52.429Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34779 |
vulnerable | 2026-06-03 14:55:55.269212 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.258Z
Updated: 2024-09-12T21:18:18.550Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32848 |
vulnerable | 2026-06-03 14:55:48.187678 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.249Z
Updated: 2024-09-12T21:18:06.645Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32847 |
vulnerable | 2026-06-03 14:55:48.186953 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.408Z
Updated: 2024-11-19T04:56:03.781Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32846 |
vulnerable | 2026-06-03 14:55:48.186293 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.175Z
Updated: 2024-09-12T21:15:08.269Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32845 |
vulnerable | 2026-06-03 14:55:48.185638 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.175Z
Updated: 2024-09-12T21:14:44.010Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32844 |
vulnerable | 2026-06-03 14:55:48.184994 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.443Z
Updated: 2024-11-19T04:56:02.536Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32843 |
vulnerable | 2026-06-03 14:55:48.184511 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.230Z
Updated: 2024-09-12T21:16:22.723Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32842 |
vulnerable | 2026-06-03 14:55:48.183962 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.173Z
Updated: 2024-09-12T21:13:06.489Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32841 |
vulnerable | 2026-06-03 14:55:48.183307 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.386Z
Updated: 2024-11-19T04:55:51.227Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32840 |
vulnerable | 2026-06-03 14:55:48.182808 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.338Z
Updated: 2024-09-12T21:20:02.605Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32839 |
vulnerable | 2026-06-03 14:55:48.181996 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.475Z
Updated: 2024-11-19T04:55:53.626Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29847 |
vulnerable | 2026-06-03 14:55:27.544580 |
Details available
CRITICAL (10)
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
Published: 2024-09-12T01:09:56.277Z
Updated: 2024-09-17T03:55:12.223Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13172 |
vulnerable | 2026-06-03 14:54:23.850674 |
Details available
HIGH (7.8)
Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
Published: 2025-01-14T17:16:17.218Z
Updated: 2026-02-26T19:09:29.342Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13171 |
vulnerable | 2026-06-03 14:54:23.850223 |
Details available
HIGH (7.8)
Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
Published: 2025-01-14T17:16:48.419Z
Updated: 2026-02-26T19:09:29.018Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13170 |
vulnerable | 2026-06-03 14:54:23.849598 |
Details available
HIGH (7.5)
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
Published: 2025-01-14T17:17:50.470Z
Updated: 2025-01-16T21:17:15.067Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13169 |
vulnerable | 2026-06-03 14:54:23.849073 |
Details available
HIGH (7.8)
An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.
Published: 2025-01-14T17:18:28.069Z
Updated: 2026-02-26T19:09:28.733Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13168 |
vulnerable | 2026-06-03 14:54:23.842919 |
Details available
HIGH (7.5)
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
Published: 2025-01-14T17:19:00.787Z
Updated: 2025-01-16T21:18:56.082Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13167 |
vulnerable | 2026-06-03 14:54:23.842492 |
Details available
HIGH (7.5)
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
Published: 2025-01-14T17:19:43.062Z
Updated: 2025-01-16T21:19:20.404Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13166 |
vulnerable | 2026-06-03 14:54:23.841800 |
Details available
HIGH (7.5)
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
Published: 2025-01-14T17:20:19.876Z
Updated: 2025-01-15T15:20:00.615Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13165 |
vulnerable | 2026-06-03 14:54:23.841066 |
Details available
HIGH (7.5)
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
Published: 2025-01-14T17:22:15.933Z
Updated: 2025-01-15T15:19:52.577Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13164 |
vulnerable | 2026-06-03 14:54:23.840522 |
Details available
HIGH (7.8)
An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.
Published: 2025-01-14T17:22:49.382Z
Updated: 2026-02-26T19:09:28.454Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13163 |
vulnerable | 2026-06-03 14:54:23.839998 |
Details available
HIGH (7.8)
Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
Published: 2025-01-14T17:23:13.781Z
Updated: 2026-02-26T19:09:28.096Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13162 |
vulnerable | 2026-06-03 14:54:23.839475 |
Details available
HIGH (7.2)
SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848.
Published: 2025-01-14T17:23:48.256Z
Updated: 2026-02-26T19:09:27.921Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13161 |
vulnerable | 2026-06-03 14:54:23.838926 |
Details available
CRITICAL (9.8)
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Published: 2025-01-14T17:11:32.061Z
Updated: 2025-10-21T22:55:32.564Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13160 |
vulnerable | 2026-06-03 14:54:23.838374 |
Details available
CRITICAL (9.8)
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Published: 2025-01-14T17:12:23.237Z
Updated: 2025-10-21T22:55:32.382Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13159 |
vulnerable | 2026-06-03 14:54:23.837539 |
Details available
CRITICAL (9.8)
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Published: 2025-01-14T17:12:57.652Z
Updated: 2025-10-21T22:55:32.248Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10811 |
vulnerable | 2026-06-03 14:54:12.610536 |
Details available
CRITICAL (9.8)
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Published: 2025-01-14T16:59:32.982Z
Updated: 2026-02-26T19:09:29.972Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10256 |
vulnerable | 2026-06-03 14:54:05.205294 |
Details available
HIGH (7.1)
Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files.
Published: 2024-12-10T18:46:01.911Z
Updated: 2024-12-10T20:44:59.599Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.