Vulnerabilities > Ivanti > Endpoint Manager > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-12 CVE-2024-32840 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
2024-09-12 CVE-2024-32842 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
2024-09-12 CVE-2024-32843 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
2024-09-12 CVE-2024-32845 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
2024-09-12 CVE-2024-32846 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
2024-09-12 CVE-2024-32848 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
2024-09-12 CVE-2024-34779 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
2024-09-12 CVE-2024-34783 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
2024-09-12 CVE-2024-34785 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
2024-09-10 CVE-2024-8321 Missing Authentication for Critical Function vulnerability in Ivanti Endpoint Manager
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.
network
low complexity
ivanti CWE-306
8.6