Total
60 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-50328 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.2 HIGH |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-50329 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 8.8 HIGH |
| Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. | |||||
| CVE-2024-50324 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.2 HIGH |
| Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-50323 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.8 HIGH |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | |||||
| CVE-2024-50322 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.8 HIGH |
| Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | |||||
| CVE-2024-34785 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 7.2 HIGH |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-34783 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 7.2 HIGH |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-34779 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 7.2 HIGH |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-32848 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 7.2 HIGH |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-32846 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 7.2 HIGH |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-32845 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 7.2 HIGH |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-32843 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 7.2 HIGH |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-32842 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 7.2 HIGH |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-32840 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 7.2 HIGH |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-29847 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 9.8 CRITICAL |
| Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | |||||
| CVE-2024-8322 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 4.3 MEDIUM |
| Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality. | |||||
| CVE-2024-8441 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 6.7 MEDIUM |
| An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM. | |||||
| CVE-2024-8321 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 5.8 MEDIUM |
| Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network. | |||||
| CVE-2024-8320 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 5.3 MEDIUM |
| Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices. | |||||
| CVE-2024-8191 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 7.8 HIGH |
| SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | |||||