Ivanti EPM vulnerabilities
33 known vulnerabilities affecting ivanti/epm.
Total CVEs: 33
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 32
Vulnerabilities
Page 1 of 2
CVE-2024-29824 | P1 | HIGH | CVSS 8.8 | KEV | PoC | ≥ 2022 SU5, ≤ 2022 SU5 | 2024-05-31
CWE-89
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
nvd
CVE-2024-29847 | P1 | CRITICAL | CVSS 9.8 | ≥ 2024 September Security Update, < 2024 September Security Update; ≥ 2022 SU6, < 2022 SU6 | 2024-09-12
CWE-502
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
nvd
CVE-2024-29826 | P2 | HIGH | CVSS 8.8 | ≥ 2022 SU5, ≤ 2022 SU5 | 2024-05-31
CWE-89
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
nvd
CVE-2024-29825 | P2 | HIGH | CVSS 8.8 | ≥ 2022 SU5, ≤ 2022 SU5 | 2024-05-31
CWE-89
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
nvd
CVE-2024-29823 | P2 | HIGH | CVSS 8.8 | ≥ 2022 SU5, ≤ 2022 SU5 | 2024-05-31
CWE-89
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
nvd
CVE-2024-29827 | P2 | HIGH | CVSS 8.8 | ≥ 2022 SU5, ≤ 2022 SU5 | 2024-05-31
CWE-89
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
nvd
CVE-2024-29822 | P2 | HIGH | CVSS 8.8 | ≥ 2022 SU5, ≤ 2022 SU5 | 2024-05-31
CWE-89
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
nvd
CVE-2024-37397 | P2 | HIGH | CVSS 8.2 | ≥ 2024 September Security Update, < 2024 September Security Update; ≥ 2022 SU6, < 2022 SU6 | 2024-09-12
CWE-611
An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets.
nvd
CVE-2024-34781 | P2 | HIGH | CVSS 7.2 | ≥ 2024 November Security Update, < 2024 November Security Update; ≥ 2022 SU6 November Security Update, < 2022 SU6 November Security Update | 2024-11-13
CWE-89
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-34783 | P3 | HIGH | CVSS 7.2 | ≥ 2024 September Security Update, < 2024 September Security Update; ≥ 2022 SU6, < 2022 SU6 | 2024-09-12
CWE-89
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-32848 | P3 | HIGH | CVSS 7.2 | ≥ 2024 September Security Update, < 2024 September Security Update; ≥ 2022 SU6, < 2022 SU6 | 2024-09-12
CWE-89
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-34785 | P3 | HIGH | CVSS 7.2 | ≥ 2024 September Security Update, < 2024 September Security Update; ≥ 2022 SU6, < 2022 SU6 | 2024-09-12
CWE-89
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-32840 | P3 | HIGH | CVSS 7.2 | ≥ 2024 September Security Update, < 2024 September Security Update; ≥ 2022 SU6, < 2022 SU6 | 2024-09-12
CWE-89
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-32845 | P3 | HIGH | CVSS 7.2 | ≥ 2024 September Security Update, < 2024 September Security Update; ≥ 2022 SU6, < 2022 SU6 | 2024-09-12
CWE-89
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-34779 | P3 | HIGH | CVSS 7.2 | ≥ 2024 September Security Update, < 2024 September Security Update; ≥ 2022 SU6, < 2022 SU6 | 2024-09-12
CWE-89
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-34787 | P3 | HIGH | CVSS 7.8 | ≥ 2024 November Security Update, < 2024 November Security Update; ≥ 2022 SU6 November Security Update, < 2022 SU6 November Security Update | 2024-11-13
CWE-22
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.
nvd
CVE-2024-29830 | P3 | HIGH | CVSS 8.0 | ≥ 2022 SU5, ≤ 2022 SU5 | 2024-05-31
CWE-89
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
nvd
CVE-2024-29828 | P3 | HIGH | CVSS 8.0 | ≥ 2022 SU5, ≤ 2022 SU5 | 2024-05-31
CWE-89
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
nvd
CVE-2024-29846 | P3 | HIGH | CVSS 8.0 | ≥ 2022 SU5, ≤ 2022 SU5 | 2024-05-31
CWE-89
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
nvd
CVE-2024-29829 | P3 | HIGH | CVSS 8.0 | ≥ 2022 SU5, ≤ 2022 SU5 | 2024-05-31
CWE-89
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
nvd