Vulnerabilities > Ivanti > Endpoint Manager

DATE CVE VULNERABILITY TITLE RISK
2024-09-10 CVE-2024-8322 Unspecified vulnerability in Ivanti Endpoint Manager
Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.
network
low complexity
ivanti
8.8
8.8
2024-09-10 CVE-2024-8441 Uncontrolled Search Path Element vulnerability in Ivanti Endpoint Manager
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.
local
low complexity
ivanti CWE-427
6.7
6.7
2024-05-31 CVE-2024-29822 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
low complexity
ivanti CWE-89
8.8
8.8
2024-05-31 CVE-2024-29823 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
low complexity
ivanti CWE-89
8.8
8.8
2024-05-31 CVE-2024-29824 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
low complexity
ivanti CWE-89
8.8
8.8
2024-05-31 CVE-2024-29825 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
low complexity
ivanti CWE-89
8.8
8.8
2024-05-31 CVE-2024-29826 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
low complexity
ivanti CWE-89
8.8
8.8
2024-05-31 CVE-2024-29827 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
low complexity
ivanti CWE-89
8.8
8.8
2024-05-31 CVE-2024-29828 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
low complexity
ivanti CWE-89
8.0
8.0
2024-05-31 CVE-2024-29829 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
low complexity
ivanti CWE-89
8.0
8.0