GCVE - cpe:2.3:a:ivanti:endpoint_manager:2024:su4:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ivanti:endpoint_manager:2024:su4:*:*:*:*:*:*

part: a version: 2024 update: su4

Vendor	Ivanti (`40b984ad-e54c-5e1b-9aa1-2a4cd4d61129`)
Product	Endpoint Manager (`006063b4-e9bc-5f0c-b4e5-d80a079df021`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-8111`	vulnerable	2026-06-03 15:27:57.654354	Details available HIGH (8.8) SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution. Published: 2026-05-12T14:33:45.708Z Updated: 2026-05-13T03:57:54.231Z Open on db.gcve.eu Reference links https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-May-2026?language=en_US	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-8110`	vulnerable	2026-06-03 15:27:57.653261	Details available HIGH (7.8) Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges. Published: 2026-05-12T14:31:26.135Z Updated: 2026-05-13T03:57:53.140Z Open on db.gcve.eu Reference links https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-May-2026?language=en_US	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-8109`	vulnerable	2026-06-03 15:27:57.648878	Details available MEDIUM (6.5) An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials. Published: 2026-05-12T14:29:10.500Z Updated: 2026-05-12T18:58:58.165Z Open on db.gcve.eu Reference links https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-May-2026?language=en_US	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-1603`	vulnerable	2026-06-03 15:14:44.732505	Details available HIGH (8.6) An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data. Published: 2026-02-10T15:09:35.459Z Updated: 2026-03-10T03:55:23.819Z Open on db.gcve.eu Reference links https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-1602`	vulnerable	2026-06-03 15:14:44.729458	Details available MEDIUM (6.5) SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. Published: 2026-02-10T15:07:27.198Z Updated: 2026-02-26T15:04:12.393Z Open on db.gcve.eu Reference links https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-13662`	vulnerable	2026-06-03 14:58:46.654995	Details available HIGH (7.8) Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required. Published: 2025-12-09T16:05:31.059Z Updated: 2026-02-26T16:57:03.979Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-13661`	vulnerable	2026-06-03 14:58:46.654338	Details available HIGH (7.1) Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required. Published: 2025-12-09T16:01:18.193Z Updated: 2026-02-26T16:57:04.977Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-13659`	vulnerable	2026-06-03 14:58:46.651665	Details available HIGH (8.8) Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required. Published: 2025-12-09T15:59:18.340Z Updated: 2026-02-26T16:57:05.566Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-10573`	vulnerable	2026-06-03 14:58:34.353336	Details available CRITICAL (9.6) Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required. Published: 2025-12-09T15:55:23.422Z Updated: 2026-02-26T16:57:06.042Z Open on db.gcve.eu Reference links https://forums.ivanti.com/s/article/Security-Advisory-EPM-December-2025-for-EPM-2024	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.