Ivanti Endpoint Manager 2022 Service Updates 6
Approved changes feed: RSS · Atom
cpe:2.3:a:ivanti:endpoint_manager:2022:su6:*:*:*:*:*:*
part: a version: 2022 update: su6
| Vendor | Ivanti (40b984ad-e54c-5e1b-9aa1-2a4cd4d61129) |
|---|---|
| Product | Endpoint Manager (006063b4-e9bc-5f0c-b4e5-d80a079df021) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-9872 |
vulnerable | 2026-06-03 15:14:39.993030 |
Details available
HIGH (8.8)
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
Published: 2025-09-09T15:11:13.957Z
Updated: 2026-02-26T17:49:04.223Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9712 |
vulnerable | 2026-06-03 15:14:39.374240 |
Details available
HIGH (8.8)
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
Published: 2025-09-09T15:09:05.375Z
Updated: 2026-02-26T17:49:04.952Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-7037 |
vulnerable | 2026-06-03 15:12:30.383934 |
SQL injection in Ivanti Endpoint Manager
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database
Published: 2025-07-08T14:54:42.789Z
Updated: 2025-07-08T15:07:12.721Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-6996 |
vulnerable | 2026-06-03 15:12:29.518789 |
Improper Encryption in Ivanti Endpoint Manager
HIGH (8.4)
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.
Published: 2025-07-08T14:51:04.446Z
Updated: 2025-07-08T15:14:08.808Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-6995 |
vulnerable | 2026-06-03 15:12:29.513377 |
Improper Encryption in Ivanti Endpoint Manager
HIGH (8.4)
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.
Published: 2025-07-08T14:45:44.989Z
Updated: 2025-07-08T15:54:49.209Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22466 |
vulnerable | 2026-06-03 14:59:40.030041 |
Details available
HIGH (8.2)
Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
Published: 2025-04-08T14:27:55.834Z
Updated: 2025-04-08T14:46:25.244Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22465 |
vulnerable | 2026-06-03 14:59:40.029175 |
Details available
MEDIUM (6.1)
Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to execute arbitrary javascript in a victim's browser. Unlikely user interaction is required.
Published: 2025-04-08T14:27:27.199Z
Updated: 2025-04-08T14:52:54.418Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22464 |
vulnerable | 2026-06-03 14:59:40.028580 |
Details available
MEDIUM (6.1)
An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition.
Published: 2025-04-08T14:27:03.158Z
Updated: 2025-04-08T15:04:45.498Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22461 |
vulnerable | 2026-06-03 14:59:40.017584 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution.
Published: 2025-04-08T14:26:23.423Z
Updated: 2026-02-26T18:28:39.350Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22459 |
vulnerable | 2026-06-03 14:59:40.012403 |
Details available
MEDIUM (4.8)
Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers.
Published: 2025-04-08T14:25:57.827Z
Updated: 2025-04-08T15:37:26.132Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22458 |
vulnerable | 2026-06-03 14:59:40.010799 |
Details available
HIGH (7.8)
DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.
Published: 2025-04-08T14:25:42.603Z
Updated: 2026-02-26T18:28:39.769Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13161 |
vulnerable | 2026-06-03 14:54:23.838910 |
Details available
CRITICAL (9.8)
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Published: 2025-01-14T17:11:32.061Z
Updated: 2025-10-21T22:55:32.564Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13160 |
vulnerable | 2026-06-03 14:54:23.838357 |
Details available
CRITICAL (9.8)
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Published: 2025-01-14T17:12:23.237Z
Updated: 2025-10-21T22:55:32.382Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13159 |
vulnerable | 2026-06-03 14:54:23.836985 |
Details available
CRITICAL (9.8)
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Published: 2025-01-14T17:12:57.652Z
Updated: 2025-10-21T22:55:32.248Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10256 |
vulnerable | 2026-06-03 14:54:05.204790 |
Details available
HIGH (7.1)
Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files.
Published: 2024-12-10T18:46:01.911Z
Updated: 2024-12-10T20:44:59.599Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.