Vulnerabilities > Ivanti > Endpoint Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-21 | CVE-2023-35077 | Out-of-bounds Write vulnerability in Ivanti Endpoint Manager An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. | 7.5 |
| 2023-07-01 | CVE-2023-28323 | Deserialization of Untrusted Data vulnerability in Ivanti Endpoint Manager A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. | 9.8 |
| 2023-07-01 | CVE-2023-28324 | Improper Input Validation vulnerability in Ivanti Endpoint Manager A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. | 9.8 |
| 2022-12-05 | CVE-2022-27773 | Unspecified vulnerability in Ivanti Endpoint Manager A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges. | 9.8 |
| 2022-12-05 | CVE-2022-35259 | XML Injection (aka Blind XPath Injection) vulnerability in Ivanti Endpoint Manager XML Injection with Endpoint Manager 2022. | 7.8 |
| 2022-09-23 | CVE-2022-30121 | Unspecified vulnerability in Ivanti Endpoint Manager The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. | 6.7 |
| 2020-11-16 | CVE-2020-13773 | Cross-site Scripting vulnerability in Ivanti Endpoint Manager Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/query_browsecomp.aspx. | 5.4 |
| 2020-11-16 | CVE-2020-13772 | Unspecified vulnerability in Ivanti Endpoint Manager In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required. | 5.3 |
| 2020-11-16 | CVE-2020-13769 | SQL Injection vulnerability in Ivanti Endpoint Manager LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request. | 8.8 |
| 2020-11-12 | CVE-2020-13774 | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Endpoint Manager 2019.1/2020.1 An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. | 9.9 |