Vulnerabilities > Ivanti > Endpoint Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-12 | CVE-2024-32843 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-09-12 | CVE-2024-32845 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-09-12 | CVE-2024-32846 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-09-12 | CVE-2024-32848 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-09-12 | CVE-2024-34779 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-09-12 | CVE-2024-34783 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-09-12 | CVE-2024-34785 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-09-10 | CVE-2024-8191 | SQL Injection vulnerability in Ivanti Endpoint Manager SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | 9.8 |
| 2024-09-10 | CVE-2024-8320 | Missing Authentication for Critical Function vulnerability in Ivanti Endpoint Manager Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices. | 5.3 |
| 2024-09-10 | CVE-2024-8321 | Missing Authentication for Critical Function vulnerability in Ivanti Endpoint Manager Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network. | 8.6 |