cvebase

Ivanti Endpoint Manager Mobile vulnerabilities

28 known vulnerabilities affecting ivanti/endpoint_manager_mobile.

Total CVEs: 28
CISA KEV: 8 (actively exploited)
Public exploits: 6
Exploited in wild: 8
Severity breakdown: CRITICAL 10, HIGH 13, MEDIUM 5

Vulnerabilities

Page 1 of 2
CVE-2023-35082 | P1 | CRITICAL | CVSS 9.8 | KEV | PoC | Ransomware | fixed in 11.11.0 | 2023-08-15
CVE-2023-35082 [CRITICAL]: An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.
nvd
CVE-2023-35078 | P1 | CRITICAL | CVSS 9.8 | KEV | PoC | Ransomware | fixed in 11.8.1.1 | ≥ 11.9.0, < 11.9.1.1 | +1 more | 2023-07-25
CVE-2023-35078 [CRITICAL] CWE-287: An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
nvd
CVE-2026-1340 | P1 | CRITICAL | CVSS 9.8 | KEV | PoC | Ransomware | ≤ 12.7.0.0 | 2026-01-29
CVE-2026-1340 [CRITICAL] CWE-94: A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
nvd
CVE-2026-1281 | P1 | CRITICAL | CVSS 9.8 | KEV | PoC | Ransomware | ≤ 12.5.0.0 | v12.5.1.0 | +3 more | 2026-01-29
CVE-2026-1281 [CRITICAL] CWE-94: A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
nvd
CVE-2025-4427 | P1 | HIGH | CVSS 7.5 | KEV | PoC | fixed in 11.12.0.5 | ≥ 12.3.0.0, < 12.3.0.2 | +2 more | 2025-05-13
CVE-2025-4427 [HIGH] CWE-288: An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
nvd
CVE-2025-4428 | P1 | HIGH | CVSS 8.8 | KEV | PoC | fixed in 11.12.0.5 | ≥ 12.3.0.0, < 12.3.0.2 | +2 more | 2025-05-13
CVE-2025-4428 [HIGH] CWE-94: Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
nvd
CVE-2023-35081 | P1 | HIGH | CVSS 7.2 | KEV | ≥ 11.8.0, < 11.8.1.2 | ≥ 11.9.0, < 11.9.1.2 | +1 more | 2023-08-03
CVE-2023-35081 [HIGH] CWE-22: A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.
nvd
CVE-2026-6973 | P1 | HIGH | CVSS 7.2 | KEV | fixed in 12.6.1.1 | v12.7.0.0 | +1 more | 2026-05-07
CVE-2026-6973 [HIGH] CWE-20: An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.
nvd
CVE-2026-5788 | P2 | CRITICAL | CVSS 9.8 | fixed in 12.6.1.1 | v12.7.0.0 | +1 more | 2026-05-07
CVE-2026-5788 [CRITICAL] CWE-284: An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.
nvd
CVE-2025-10985 | P2 | HIGH | CVSS 7.2 | fixed in 12.4.0.4 | ≥ 12.5.0.0, < 12.5.0.4 | +1 more | 2025-10-14
CVE-2025-10985 [HIGH] CWE-78: OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2025-10243 | P2 | HIGH | CVSS 7.2 | fixed in 12.4.0.4 | ≥ 12.5.0.0, < 12.5.0.4 | +1 more | 2025-10-14
CVE-2025-10243 [HIGH] CWE-78: OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2025-10242 | P2 | HIGH | CVSS 7.2 | fixed in 12.4.0.4 | ≥ 12.5.0.0, < 12.5.0.4 | +1 more | 2025-10-14
CVE-2025-10242 [HIGH] CWE-78: OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-36130 | P2 | CRITICAL | CVSS 9.8 | fixed in 12.1.0.1 | 2024-08-07
CVE-2024-36130 [CRITICAL] CWE-287: An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance.
nvd
CVE-2023-39335 | P2 | CRITICAL | CVSS 9.8 | fixed in 11.9.0 | ≥ 11.10.0, < 11.10.0.4 | +1 more | 2023-11-15
CVE-2023-39335 [CRITICAL] CWE-269: A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potential misuse of user accounts and resources.
nvd
CVE-2025-6771 | P2 | HIGH | CVSS 7.2 | fixed in 12.3.0.3 | ≥ 12.4.0.0, < 12.4.0.3 | +1 more | 2025-07-08
CVE-2025-6771 [HIGH] CWE-78: OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2, 12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution.
nvd
CVE-2025-6770 | P2 | HIGH | CVSS 7.2 | fixed in 12.3.0.3 | ≥ 12.4.0.0, < 12.4.0.3 | +1 more | 2025-07-08
CVE-2025-6770 [HIGH] CWE-78: OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution.
nvd
CVE-2024-36131 | P2 | HIGH | CVSS 8.8 | fixed in 12.1.0.1 | 2024-08-07
CVE-2024-36131 [HIGH] CWE-502: An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance.
nvd
CVE-2026-7821 | P2 | CRITICAL | CVSS 9.1 | fixed in 12.6.1.1 | v12.7.0.0 | +1 more | 2026-05-07
CVE-2026-7821 [CRITICAL] CWE-295: Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity.
nvd
CVE-2026-5787 | P2 | CRITICAL | CVSS 9.1 | fixed in 12.6.1.1 | v12.7.0.0 | +1 more | 2026-05-07
CVE-2026-5787 [CRITICAL] CWE-295: An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.
nvd
CVE-2026-5786 | P2 | HIGH | CVSS 8.8 | fixed in 12.6.1.1 | v12.7.0.0 | +1 more | 2026-05-07
CVE-2026-5786 [HIGH] CWE-284: An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access.
nvd