Vulnerabilities > Ivanti > Endpoint Manager > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-09 | CVE-2023-39336 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. | 8.8 |
| 2023-09-21 | CVE-2023-38343 | XXE vulnerability in Ivanti Endpoint Manager An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. | 7.5 |
| 2023-07-21 | CVE-2023-35077 | Out-of-bounds Write vulnerability in Ivanti Endpoint Manager An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. | 7.5 |
| 2022-12-05 | CVE-2022-35259 | XML Injection (aka Blind XPath Injection) vulnerability in Ivanti Endpoint Manager XML Injection with Endpoint Manager 2022. | 7.8 |
| 2020-11-12 | CVE-2020-13770 | Incorrect Default Permissions vulnerability in Ivanti Endpoint Manager Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can be used to escalate privileges from a local standard or service account having SeImpersonatePrivilege (eg. | 7.2 |
| 2019-07-11 | CVE-2019-10651 | Unspecified vulnerability in Ivanti Endpoint Manager 2017.3/2018.1/2018.3 An issue was discovered in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x before 2018.3 SU3, with remote code execution. | 7.5 |