Ivanti Endpoint Manager Mobile vulnerabilities
28 known vulnerabilities affecting ivanti/endpoint_manager_mobile.
Total CVEs: 28
CISA KEV: 8 (actively exploited)
Public exploits: 6
Exploited in wild: 8
Severity breakdown
CRITICAL: 10, HIGH: 13, MEDIUM: 5
Vulnerabilities
Page 2 of 2
CVE-2023-39337 | P3 | CRITICAL | CVSS 9.1 | CWE-200 | ≤ 11.9.0 | ≥ 11.10.0, < 11.10.0.4 | +1 more | 2023-11-15
A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 and older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets. This vulnerability poses a serious security risk, potentially exposing confidential data
nvd
CVE-2024-36132 | P3 | HIGH | CVSS 7.5 | CWE-287 | fixed in 12.1.0.1 | 2024-08-07
Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources.
nvd
CVE-2023-46807 | P3 | MEDIUM | CVSS 6.7 | CWE-89 | fixed in 12.1.0.0 | 2024-05-22
An SQL Injection vulnerability in the web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.
nvd
CVE-2023-46806 | P3 | MEDIUM | CVSS 6.7 | CWE-89 | fixed in 12.1.0.0 | 2024-05-22
An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.
nvd
CVE-2024-7612 | P3 | HIGH | CVSS 7.8 | CWE-732 | fixed in 12.0.0.5 | ≥ 12.1.0.0, < 12.1.0.4 | 2024-10-08
Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components.
nvd
CVE-2024-34788 | P3 | MEDIUM | CVSS 6.5 | CWE-287 | fixed in 12.1.0.1 | 2024-08-07
An improper authentication vulnerability in the web component of EPMM prior to 12.1.0.1 allows a remote malicious user to access potentially sensitive information.
nvd
CVE-2025-10986 | P3 | MEDIUM | CVSS 5.5 | CWE-22 | fixed in 12.4.0.4 | ≥ 12.5.0.0, < 12.5.0.4 | +1 more | 2025-10-14
Path traversal in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to write data in unintended locations on disk.
nvd
CVE-2024-22026 | P4 | MEDIUM | CVSS 6.7 | CWE-284 | fixed in 12.1.0.0 | 2024-05-22
A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance.
nvd