Product:

Endpoint_manager

(Ivanti)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 51
Date Id Summary Products Score Patch Annotated
2024-11-12 CVE-2024-50327 SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. Endpoint_manager 7.2
2024-11-12 CVE-2024-50328 SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. Endpoint_manager 7.2
2024-11-12 CVE-2024-50329 Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. Endpoint_manager 8.8
2024-09-10 CVE-2024-8320 Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices. Endpoint_manager 5.3
2024-09-10 CVE-2024-8191 SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. Endpoint_manager 9.8
2024-09-10 CVE-2024-8321 Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network. Endpoint_manager 8.6
2024-09-10 CVE-2024-8441 An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM. Endpoint_manager 6.7
2024-09-10 CVE-2024-8322 Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality. Endpoint_manager 8.8
2024-09-12 CVE-2024-29847 Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. Endpoint_manager 9.8
2024-09-12 CVE-2024-32842 An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. Endpoint_manager 7.2