Filtered by vendor Ivanti Subscriptions
Filtered by product Endpoint Manager Subscriptions
Total 62 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-37376 1 Ivanti 1 Endpoint Manager 2024-11-19 N/A
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-50327 1 Ivanti 1 Endpoint Manager 2024-11-19 7.2 High
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-34780 1 Ivanti 1 Endpoint Manager 2024-11-19 N/A
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32841 1 Ivanti 1 Endpoint Manager 2024-11-19 N/A
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-50322 1 Ivanti 1 Endpoint Manager 2024-11-19 7.8 High
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.
CVE-2024-34787 1 Ivanti 1 Endpoint Manager 2024-11-19 N/A
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.
CVE-2024-29847 1 Ivanti 1 Endpoint Manager 2024-09-17 9.8 Critical
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
CVE-2024-37397 1 Ivanti 1 Endpoint Manager 2024-09-13 8.2 High
An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets.
CVE-2024-34785 1 Ivanti 1 Endpoint Manager 2024-09-13 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-34783 1 Ivanti 1 Endpoint Manager 2024-09-13 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-34779 1 Ivanti 1 Endpoint Manager 2024-09-13 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32848 1 Ivanti 1 Endpoint Manager 2024-09-13 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32846 1 Ivanti 1 Endpoint Manager 2024-09-13 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32845 1 Ivanti 1 Endpoint Manager 2024-09-13 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32843 1 Ivanti 1 Endpoint Manager 2024-09-13 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32842 1 Ivanti 1 Endpoint Manager 2024-09-13 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32840 1 Ivanti 1 Endpoint Manager 2024-09-13 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-8322 1 Ivanti 1 Endpoint Manager 2024-09-13 4.3 Medium
Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.
CVE-2024-8441 1 Ivanti 1 Endpoint Manager 2024-09-13 6.7 Medium
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.
CVE-2024-8321 1 Ivanti 1 Endpoint Manager 2024-09-13 5.8 Medium
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.