Vulnerabilities > Ivanti > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-12 CVE-2024-32840 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
7.2
2024-09-12 CVE-2024-32842 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
7.2
2024-09-12 CVE-2024-32843 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
7.2
2024-09-12 CVE-2024-32845 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
7.2
2024-09-12 CVE-2024-32846 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
7.2
2024-09-12 CVE-2024-32848 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
7.2
2024-09-12 CVE-2024-34779 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
7.2
2024-09-12 CVE-2024-34783 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
7.2
2024-09-12 CVE-2024-34785 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
network
low complexity
ivanti CWE-89
7.2
7.2
2024-09-10 CVE-2024-44103 Untrusted Search Path vulnerability in Ivanti Workspace Control
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
local
low complexity
ivanti CWE-426
7.8
7.8