Filtered by vendor Ivanti Subscriptions
Filtered by product Endpoint Manager Subscriptions
Total 67 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-32842 1 Ivanti 1 Endpoint Manager 2024-09-13 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32840 1 Ivanti 1 Endpoint Manager 2024-09-13 7.2 High
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-8322 1 Ivanti 1 Endpoint Manager 2024-09-13 4.3 Medium
Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.
CVE-2024-8441 1 Ivanti 1 Endpoint Manager 2024-09-13 6.7 Medium
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.
CVE-2024-8321 1 Ivanti 1 Endpoint Manager 2024-09-13 5.8 Medium
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.
CVE-2024-8320 1 Ivanti 2 Automation, Endpoint Manager 2024-09-13 5.3 Medium
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.
CVE-2024-8191 1 Ivanti 1 Endpoint Manager 2024-09-13 7.8 High
SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.