Vulnerabilities > Ivanti > Endpoint Manager > 2022

DATE CVE VULNERABILITY TITLE RISK
2023-07-01 CVE-2023-28323 Deserialization of Untrusted Data vulnerability in Ivanti Endpoint Manager
A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights.
network
low complexity
ivanti CWE-502
critical
 9.8
9.8
2022-12-05 CVE-2022-27773 Unspecified vulnerability in Ivanti Endpoint Manager
A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges.
network
low complexity
ivanti
critical
 9.8
9.8
2022-12-05 CVE-2022-35259 XML Injection (aka Blind XPath Injection) vulnerability in Ivanti Endpoint Manager
XML Injection with Endpoint Manager 2022.
local
low complexity
ivanti CWE-91
7.8
7.8