Approved changes feed: RSS · Atom
cpe:2.3:a:ivanti:epm:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Ivanti (40b984ad-e54c-5e1b-9aa1-2a4cd4d61129) |
|---|---|
| Product | Epm (d5530f87-4bbd-5c91-a271-f5f12626b482) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-37397 |
vulnerable | 2026-06-03 14:56:06.480923 |
Details available
HIGH (8.2)
An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets.
Published: 2024-09-12T01:09:56.254Z
Updated: 2024-09-13T15:48:43.529Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37381 |
vulnerable | 2026-06-03 14:56:06.438389 |
Details available
HIGH (8.4)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code.
Published: 2024-07-29T05:43:16.144Z
Updated: 2024-08-02T03:50:55.937Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37376 |
vulnerable | 2026-06-03 14:56:06.419322 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.383Z
Updated: 2024-11-19T04:55:56.052Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34787 |
vulnerable | 2026-06-03 14:55:55.282024 |
Details available
HIGH (7.8)
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.
Published: 2024-11-13T01:54:45.416Z
Updated: 2024-11-19T04:55:48.661Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34785 |
vulnerable | 2026-06-03 14:55:55.272304 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.248Z
Updated: 2024-09-12T21:16:44.057Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34784 |
vulnerable | 2026-06-03 14:55:55.271814 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.555Z
Updated: 2024-11-19T04:56:05.016Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34783 |
vulnerable | 2026-06-03 14:55:55.271249 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.337Z
Updated: 2024-09-12T21:19:26.664Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34782 |
vulnerable | 2026-06-03 14:55:55.270746 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.386Z
Updated: 2024-11-19T04:55:59.747Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34781 |
vulnerable | 2026-06-03 14:55:55.270219 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.516Z
Updated: 2024-11-19T04:55:57.271Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34780 |
vulnerable | 2026-06-03 14:55:55.269661 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.552Z
Updated: 2024-11-19T04:55:52.429Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34779 |
vulnerable | 2026-06-03 14:55:55.268946 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.258Z
Updated: 2024-09-12T21:18:18.550Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32848 |
vulnerable | 2026-06-03 14:55:48.187430 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.249Z
Updated: 2024-09-12T21:18:06.645Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32847 |
vulnerable | 2026-06-03 14:55:48.186723 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.408Z
Updated: 2024-11-19T04:56:03.781Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32846 |
vulnerable | 2026-06-03 14:55:48.186034 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.175Z
Updated: 2024-09-12T21:15:08.269Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32845 |
vulnerable | 2026-06-03 14:55:48.185371 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.175Z
Updated: 2024-09-12T21:14:44.010Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32844 |
vulnerable | 2026-06-03 14:55:48.184832 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.443Z
Updated: 2024-11-19T04:56:02.536Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32843 |
vulnerable | 2026-06-03 14:55:48.184367 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.230Z
Updated: 2024-09-12T21:16:22.723Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32842 |
vulnerable | 2026-06-03 14:55:48.183812 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.173Z
Updated: 2024-09-12T21:13:06.489Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32841 |
vulnerable | 2026-06-03 14:55:48.183180 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.386Z
Updated: 2024-11-19T04:55:51.227Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32840 |
vulnerable | 2026-06-03 14:55:48.182498 |
Details available
CRITICAL (9.1)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-09-12T01:09:56.338Z
Updated: 2024-09-12T21:20:02.605Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32839 |
vulnerable | 2026-06-03 14:55:48.176673 |
Details available
HIGH (7.2)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Published: 2024-11-13T01:54:45.475Z
Updated: 2024-11-19T04:55:53.626Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29847 |
vulnerable | 2026-06-03 14:55:27.540408 |
Details available
CRITICAL (10)
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
Published: 2024-09-12T01:09:56.277Z
Updated: 2024-09-17T03:55:12.223Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29846 |
vulnerable | 2026-06-03 14:55:27.539915 |
Details available
HIGH (8.4)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
Published: 2024-05-31T17:38:31.371Z
Updated: 2024-08-02T01:17:58.190Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29830 |
vulnerable | 2026-06-03 14:55:27.519992 |
Details available
HIGH (8.4)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
Published: 2024-05-31T17:38:31.352Z
Updated: 2024-08-02T01:17:57.943Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29829 |
vulnerable | 2026-06-03 14:55:27.519414 |
Details available
HIGH (8.4)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
Published: 2024-05-31T17:38:31.379Z
Updated: 2024-08-02T01:17:58.030Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29828 |
vulnerable | 2026-06-03 14:55:27.518913 |
Details available
HIGH (8.4)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
Published: 2024-05-31T17:38:31.394Z
Updated: 2024-08-02T01:17:57.504Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29827 |
vulnerable | 2026-06-03 14:55:27.518200 |
Details available
CRITICAL (9.6)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
Published: 2024-05-31T17:38:31.405Z
Updated: 2024-08-02T01:17:57.542Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29826 |
vulnerable | 2026-06-03 14:55:27.517506 |
Details available
CRITICAL (9.6)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
Published: 2024-05-31T17:38:31.399Z
Updated: 2024-08-02T01:17:58.045Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29825 |
vulnerable | 2026-06-03 14:55:27.516911 |
Details available
CRITICAL (9.6)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
Published: 2024-05-31T17:38:31.330Z
Updated: 2024-08-02T01:17:57.543Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29824 |
vulnerable | 2026-06-03 14:55:27.516422 |
Details available
CRITICAL (9.6)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
Published: 2024-05-31T17:38:31.331Z
Updated: 2025-10-21T23:05:16.909Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29823 |
vulnerable | 2026-06-03 14:55:27.515830 |
Details available
CRITICAL (9.6)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
Published: 2024-05-31T17:38:31.409Z
Updated: 2024-08-02T01:17:57.385Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29822 |
vulnerable | 2026-06-03 14:55:27.511466 |
Details available
CRITICAL (9.6)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
Published: 2024-05-31T17:38:31.401Z
Updated: 2024-08-02T01:17:58.027Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-22058 |
vulnerable | 2026-06-03 14:54:59.562826 |
Details available
HIGH (7.8)
A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older.
Published: 2024-05-31T17:38:31.334Z
Updated: 2025-03-17T15:41:54.663Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.