Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Endpoint_manager
(Ivanti)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 44 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-07-01 | CVE-2023-28324 | A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. | Endpoint_manager | 9.8 | ||
| 2023-09-21 | CVE-2023-38344 | An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a remote system, including the private key used to authenticate to agents for remote access. | Endpoint_manager | 6.5 | ||
| 2024-09-10 | CVE-2024-8320 | Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices. | Endpoint_manager | 5.3 | ||
| 2024-09-10 | CVE-2024-8191 | SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | Endpoint_manager | 9.8 | ||
| 2024-09-10 | CVE-2024-8321 | Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network. | Endpoint_manager | 8.6 | ||
| 2024-09-10 | CVE-2024-8441 | An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM. | Endpoint_manager | 6.7 | ||
| 2024-09-10 | CVE-2024-8322 | Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality. | Endpoint_manager | 8.8 | ||
| 2024-09-12 | CVE-2024-29847 | Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | Endpoint_manager | 9.8 | ||
| 2024-09-12 | CVE-2024-32842 | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Endpoint_manager | 7.2 | ||
| 2024-09-12 | CVE-2024-32840 | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Endpoint_manager | 7.2 |