
Ivanti Endpoint Manager vulnerabilities

116 known vulnerabilities affecting ivanti/endpoint_manager.

Total CVEs: 116
CISA KEV: 5 (actively exploited)
Public exploits: 6
Exploited in wild: 5
Severity breakdown: CRITICAL 10, HIGH 82, MEDIUM 24

Vulnerabilities

Page 4 of 6
CVE-2025-62383 | P3 | MEDIUM | CVSS 6.5 | fixed in 2024 | v2024 | 2025-10-13
CWE-89: SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
nvd
CVE-2025-62384 | P3 | MEDIUM | CVSS 6.5 | fixed in 2024 | v2024 | 2025-10-13
CWE-89: SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
nvd
CVE-2025-62392 | P3 | MEDIUM | CVSS 6.5 | fixed in 2024 | v2024 | 2025-10-13
CWE-89: SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
nvd
CVE-2025-62388 | P3 | MEDIUM | CVSS 6.5 | fixed in 2024 | v2024 | 2025-10-13
CWE-89: SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
nvd
CVE-2025-62385 | P3 | MEDIUM | CVSS 6.5 | fixed in 2024 | v2024 | 2025-10-13
CWE-89: SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
nvd
CVE-2025-62386 | P3 | MEDIUM | CVSS 6.5 | fixed in 2024 | v2024 | 2025-10-13
CWE-89: SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
nvd
CVE-2025-62391 | P3 | MEDIUM | CVSS 6.5 | fixed in 2024 | v2024 | 2025-10-13
CWE-89: SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
nvd
CVE-2026-1602 | P3 | MEDIUM | CVSS 6.5 | fixed in 2024 | v2024 | 2026-02-10
CWE-89: SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
nvd
CVE-2024-10811 | P3 | HIGH | CVSS 7.5 | fixed in 2022 | v2022 +1 more | 2025-01-14
CWE-36: Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
nvd
CVE-2024-13158 | P3 | HIGH | CVSS 7.2 | fixed in 2024 | v2022 | 2025-01-14
CWE-22: An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-50328 | P3 | HIGH | CVSS 7.2 | fixed in 2022 | v2022 +1 more | 2024-11-12
CWE-89: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2025-7037 | P3 | HIGH | CVSS 7.2 | fixed in 2022 | v2022 +1 more | 2025-07-08
CWE-89: SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database.
nvd
CVE-2024-32843 | P3 | HIGH | CVSS 7.2 | fixed in 2022 | v2022 +1 more | 2024-09-12
CWE-89: An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-32846 | P3 | HIGH | CVSS 7.2 | fixed in 2022 | v2022 +1 more | 2024-09-12
CWE-89: An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-32842 | P3 | HIGH | CVSS 7.2 | fixed in 2022 | v2022 +1 more | 2024-09-12
CWE-89: An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2025-13662 | P3 | HIGH | CVSS 7.8 | fixed in 2024 | v2024 | 2025-12-09
CWE-347: Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required.
nvd
CVE-2024-34782 | P3 | HIGH | CVSS 7.2 | fixed in 2022 | v2022 +1 more | 2024-11-13
CWE-89: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-34780 | P3 | HIGH | CVSS 7.2 | fixed in 2022 | v2022 +1 more | 2024-11-13
CWE-89: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-32844 | P3 | HIGH | CVSS 7.2 | fixed in 2022 | v2022 +1 more | 2024-11-13
CWE-89: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-34784 | P3 | HIGH | CVSS 7.2 | fixed in 2022 | v2022 +1 more | 2024-11-13
CWE-89: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd