Vulnerabilities > Ivanti > Endpoint Manager > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-12 | CVE-2024-32845 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-09-12 | CVE-2024-32846 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-09-12 | CVE-2024-32848 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-09-12 | CVE-2024-34779 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-09-12 | CVE-2024-34783 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-09-12 | CVE-2024-34785 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 |
| 2024-09-10 | CVE-2024-8321 | Missing Authentication for Critical Function vulnerability in Ivanti Endpoint Manager Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network. | 8.6 |
| 2024-09-10 | CVE-2024-8322 | Unspecified vulnerability in Ivanti Endpoint Manager Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality. | 8.8 |
| 2024-05-31 | CVE-2024-29822 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | 8.8 |
| 2024-05-31 | CVE-2024-29823 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | 8.8 |