Vulnerabilities > Ivanti > Endpoint Manager > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-12 CVE-2024-29847 Deserialization of Untrusted Data vulnerability in Ivanti Endpoint Manager
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
network
low complexity
ivanti CWE-502
critical
9.8
2024-09-10 CVE-2024-8191 SQL Injection vulnerability in Ivanti Endpoint Manager
SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
network
low complexity
ivanti CWE-89
critical
9.8
2023-10-18 CVE-2023-35084 Deserialization of Untrusted Data vulnerability in Ivanti Endpoint Manager
Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely.
network
low complexity
ivanti CWE-502
critical
9.8
2023-07-01 CVE-2023-28324 Improper Input Validation vulnerability in Ivanti Endpoint Manager
A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.
network
low complexity
ivanti CWE-20
critical
9.8
2023-07-01 CVE-2023-28323 Deserialization of Untrusted Data vulnerability in Ivanti Endpoint Manager
A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights.
network
low complexity
ivanti CWE-502
critical
9.8
2022-12-05 CVE-2022-27773 Unspecified vulnerability in Ivanti Endpoint Manager
A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges.
network
low complexity
ivanti
critical
9.8
2020-11-12 CVE-2020-13774 Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Endpoint Manager 2019.1/2020.1
An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file.
network
low complexity
ivanti CWE-434
critical
9.9
2019-07-11 CVE-2019-10651 Unspecified vulnerability in Ivanti Endpoint Manager 2017.3/2018.1/2018.3
An issue was discovered in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x before 2018.3 SU3, with remote code execution.
network
low complexity
ivanti
critical
9.8