Vulnerabilities > Ivanti > Endpoint Manager

DATE CVE VULNERABILITY TITLE RISK
2024-09-12 CVE-2024-29847 Deserialization of Untrusted Data vulnerability in Ivanti Endpoint Manager
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
network
low complexity
ivanti CWE-502
critical
 9.8
9.8
2024-09-12 CVE-2024-32840 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
7.2
2024-09-12 CVE-2024-32842 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
7.2
2024-09-12 CVE-2024-32843 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
7.2
2024-09-12 CVE-2024-32845 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
7.2
2024-09-12 CVE-2024-32846 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
7.2
2024-09-12 CVE-2024-32848 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
7.2
2024-09-12 CVE-2024-34779 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
7.2
2024-09-12 CVE-2024-34783 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
7.2
2024-09-12 CVE-2024-34785 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
7.2