Endpoint Manager
Approved changes feed: RSS · Atom
cpe:2.3:a:ivanti:endpoint_manager:2024:su3_security_release_1:*:*:*:*:*:*
part: a version: 2024 update: su3_security_release_1
| Vendor | Ivanti (40b984ad-e54c-5e1b-9aa1-2a4cd4d61129) |
|---|---|
| Product | Endpoint Manager (006063b4-e9bc-5f0c-b4e5-d80a079df021) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-8111 |
vulnerable | 2026-06-03 15:27:57.654186 |
Details available
HIGH (8.8)
SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution.
Published: 2026-05-12T14:33:45.708Z
Updated: 2026-05-13T03:57:54.231Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-8110 |
vulnerable | 2026-06-03 15:27:57.653242 |
Details available
HIGH (7.8)
Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges.
Published: 2026-05-12T14:31:26.135Z
Updated: 2026-05-13T03:57:53.140Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-8109 |
vulnerable | 2026-06-03 15:27:57.648089 |
Details available
MEDIUM (6.5)
An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials.
Published: 2026-05-12T14:29:10.500Z
Updated: 2026-05-12T18:58:58.165Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-1603 |
vulnerable | 2026-06-03 15:14:44.732402 |
Details available
HIGH (8.6)
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.
Published: 2026-02-10T15:09:35.459Z
Updated: 2026-03-10T03:55:23.819Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-1602 |
vulnerable | 2026-06-03 15:14:44.724539 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2026-02-10T15:07:27.198Z
Updated: 2026-02-26T15:04:12.393Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9713 |
vulnerable | 2026-06-03 15:14:39.387347 |
Details available
HIGH (8.8)
Path traversal in Ivanti Endpoint Manager before version 2024 SU4 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
Published: 2025-10-13T21:08:13.112Z
Updated: 2026-02-26T17:47:44.122Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62392 |
vulnerable | 2026-06-03 15:07:58.712597 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2025-10-13T21:10:15.318Z
Updated: 2026-02-10T17:03:59.025Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62391 |
vulnerable | 2026-06-03 15:07:58.711939 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2025-10-13T21:12:22.188Z
Updated: 2026-02-10T17:07:35.039Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62390 |
vulnerable | 2026-06-03 15:07:58.711374 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2025-10-13T21:10:53.982Z
Updated: 2026-02-10T17:03:03.801Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62389 |
vulnerable | 2026-06-03 15:07:58.710809 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2025-10-13T21:11:18.043Z
Updated: 2026-02-10T17:04:40.319Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62388 |
vulnerable | 2026-06-03 15:07:58.710262 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2025-10-13T21:11:34.823Z
Updated: 2026-02-10T17:05:16.161Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62387 |
vulnerable | 2026-06-03 15:07:58.709534 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2025-10-13T21:11:52.712Z
Updated: 2026-02-10T17:06:13.734Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62386 |
vulnerable | 2026-06-03 15:07:58.708905 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2025-10-13T21:12:52.222Z
Updated: 2026-02-10T17:08:56.495Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62385 |
vulnerable | 2026-06-03 15:07:58.708147 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2025-10-13T21:12:08.724Z
Updated: 2026-02-10T17:06:52.469Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62384 |
vulnerable | 2026-06-03 15:07:58.707474 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2025-10-13T21:13:05.017Z
Updated: 2026-02-10T17:09:32.081Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62383 |
vulnerable | 2026-06-03 15:07:58.706772 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2025-10-13T21:12:38.655Z
Updated: 2026-02-10T17:08:17.427Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-13662 |
vulnerable | 2026-06-03 14:58:46.654976 |
Details available
HIGH (7.8)
Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required.
Published: 2025-12-09T16:05:31.059Z
Updated: 2026-02-26T16:57:03.979Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-13661 |
vulnerable | 2026-06-03 14:58:46.654316 |
Details available
HIGH (7.1)
Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required.
Published: 2025-12-09T16:01:18.193Z
Updated: 2026-02-26T16:57:04.977Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-13659 |
vulnerable | 2026-06-03 14:58:46.650092 |
Details available
HIGH (8.8)
Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.
Published: 2025-12-09T15:59:18.340Z
Updated: 2026-02-26T16:57:05.566Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-11623 |
vulnerable | 2026-06-03 14:58:42.791416 |
Details available
MEDIUM (6.5)
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
Published: 2025-10-13T21:09:07.731Z
Updated: 2026-02-10T17:03:35.043Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-11622 |
vulnerable | 2026-06-03 14:58:42.790575 |
Details available
HIGH (7.8)
Insecure deserialization in Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to escalate their privileges.
Published: 2025-10-13T21:07:50.065Z
Updated: 2026-02-26T17:47:44.396Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-10918 |
vulnerable | 2026-06-03 14:58:35.094061 |
Details available
HIGH (7.1)
Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk
Published: 2025-11-11T15:31:54.062Z
Updated: 2025-11-12T20:02:59.040Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-10573 |
vulnerable | 2026-06-03 14:58:34.352616 |
Details available
CRITICAL (9.6)
Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.
Published: 2025-12-09T15:55:23.422Z
Updated: 2026-02-26T16:57:06.042Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.