Vulnerabilities > Ivanti > Endpoint Manager > 2022

DATE CVE VULNERABILITY TITLE RISK
2025-04-08 CVE-2025-22458 Unspecified vulnerability in Ivanti Endpoint Manager
DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.
local
low complexity
ivanti
7.8
2025-04-08 CVE-2025-22459 Improper Following of a Certificate's Chain of Trust vulnerability in Ivanti Endpoint Manager
Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers.
network
high complexity
ivanti CWE-296
4.8
2025-04-08 CVE-2025-22461 SQL Injection vulnerability in Ivanti Endpoint Manager
SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution.
network
low complexity
ivanti CWE-89
7.2
2025-04-08 CVE-2025-22464 Untrusted Pointer Dereference vulnerability in Ivanti Endpoint Manager
An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition.
local
low complexity
ivanti CWE-822
6.1
2025-04-08 CVE-2025-22465 Cross-site Scripting vulnerability in Ivanti Endpoint Manager
Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to execute arbitrary javascript in a victim's browser.
network
low complexity
ivanti CWE-79
6.1
2025-04-08 CVE-2025-22466 Cross-site Scripting vulnerability in Ivanti Endpoint Manager
Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges.
network
low complexity
ivanti CWE-79
critical
9.6
2025-01-14 CVE-2024-13159 Unspecified vulnerability in Ivanti Endpoint Manager 2021.1.1/2022/2024
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
network
low complexity
ivanti
7.5
2025-01-14 CVE-2024-13160 Unspecified vulnerability in Ivanti Endpoint Manager 2021.1.1/2022/2024
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
network
low complexity
ivanti
7.5
2025-01-14 CVE-2024-13161 Unspecified vulnerability in Ivanti Endpoint Manager 2021.1.1/2022/2024
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
network
low complexity
ivanti
7.5
2024-11-13 CVE-2024-32839 Unspecified vulnerability in Ivanti Endpoint Manager
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti
7.2