Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Endpoint_manager
(Ivanti)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 51 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-11-12 | CVE-2024-50326 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Endpoint_manager | 7.2 | ||
2024-11-12 | CVE-2024-50327 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Endpoint_manager | 7.2 | ||
2024-11-12 | CVE-2024-50328 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Endpoint_manager | 7.2 | ||
2024-11-12 | CVE-2024-50329 | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. | Endpoint_manager | 8.8 | ||
2024-09-10 | CVE-2024-8320 | Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices. | Endpoint_manager | 5.3 | ||
2024-09-10 | CVE-2024-8191 | SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | Endpoint_manager | 9.8 | ||
2024-09-10 | CVE-2024-8321 | Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network. | Endpoint_manager | 8.6 | ||
2024-09-10 | CVE-2024-8441 | An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM. | Endpoint_manager | 6.7 | ||
2024-09-10 | CVE-2024-8322 | Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality. | Endpoint_manager | 8.8 | ||
2024-09-12 | CVE-2024-29847 | Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | Endpoint_manager | 9.8 |