Total
60 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-32847 | 1 Ivanti | 1 Endpoint Manager | 2025-04-24 | N/A | 7.2 HIGH |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2022-35259 | 1 Ivanti | 1 Endpoint Manager | 2025-04-24 | N/A | 7.8 HIGH |
| XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges. | |||||
| CVE-2022-27773 | 1 Ivanti | 1 Endpoint Manager | 2025-04-24 | N/A | 9.8 CRITICAL |
| A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges. | |||||
| CVE-2024-32841 | 1 Ivanti | 1 Endpoint Manager | 2025-04-23 | N/A | 7.2 HIGH |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-32839 | 1 Ivanti | 1 Endpoint Manager | 2025-04-23 | N/A | 7.2 HIGH |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-50330 | 1 Ivanti | 1 Endpoint Manager | 2025-04-23 | N/A | 9.8 CRITICAL |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. | |||||
| CVE-2024-32844 | 1 Ivanti | 1 Endpoint Manager | 2025-04-23 | N/A | 7.2 HIGH |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-34780 | 1 Ivanti | 1 Endpoint Manager | 2025-04-23 | N/A | 7.2 HIGH |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2017-11463 | 1 Ivanti | 1 Endpoint Manager | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc. | |||||
| CVE-2024-13161 | 1 Ivanti | 1 Endpoint Manager | 2025-03-13 | N/A | 9.8 CRITICAL |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | |||||
| CVE-2024-13160 | 1 Ivanti | 1 Endpoint Manager | 2025-03-13 | N/A | 9.8 CRITICAL |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | |||||
| CVE-2024-13159 | 1 Ivanti | 1 Endpoint Manager | 2025-03-13 | N/A | 9.8 CRITICAL |
| Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | |||||
| CVE-2024-29824 | 1 Ivanti | 1 Endpoint Manager | 2024-11-29 | N/A | 8.8 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2024-29846 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.0 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2024-29830 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.0 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2024-29829 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.0 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2024-29828 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.0 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2024-29827 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.8 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2024-29826 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.8 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2024-29825 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.8 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||