cbcvebase.

Ivanti Epm vulnerabilities

33 known vulnerabilities affecting ivanti/epm.

Total CVEs
33
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH32

Vulnerabilities

Page 2 of 2
CVE-2024-32839P3HIGHCVSS 7.2≥ 2024 November Security Update, < 2024 November Security Update≥ 2022 SU6 November Security Update, < 2022 SU6 November Security Update2024-11-13
CVE-2024-32839 [HIGH] CWE-89 CVE-2024-32839: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November S SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-32841P3HIGHCVSS 7.2≥ 2024 November Security Update, < 2024 November Security Update≥ 2022 SU6 November Security Update, < 2022 SU6 November Security Update2024-11-13
CVE-2024-32841 [HIGH] CWE-89 CVE-2024-32841: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November S SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-32847P3HIGHCVSS 7.2≥ 2024 November Security Update, < 2024 November Security Update≥ 2022 SU6 November Security Update, < 2022 SU6 November Security Update2024-11-13
CVE-2024-32847 [HIGH] CWE-89 CVE-2024-32847: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November S SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-37376P3HIGHCVSS 7.2≥ 2024 November Security Update, < 2024 November Security Update≥ 2022 SU6 November Security Update, < 2022 SU6 November Security Update2024-11-13
CVE-2024-37376 [HIGH] CWE-89 CVE-2024-37376: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November S SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-37381P3HIGHCVSS 8.0≥ 2024, ≤ 20242024-07-29
CVE-2024-37381 [HIGH] CWE-89 CVE-2024-37381: An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenti An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code.
nvd
CVE-2024-32843P3HIGHCVSS 7.2≥ 2024 September Security Update, < 2024 September Security Update≥ 2022 SU6, < 2022 SU62024-09-12
CVE-2024-32843 [HIGH] CWE-89 CVE-2024-32843: An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a re An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-32846P3HIGHCVSS 7.2≥ 2024 September Security Update, < 2024 September Security Update≥ 2022 SU6, < 2022 SU62024-09-12
CVE-2024-32846 [HIGH] CWE-89 CVE-2024-32846: An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a re An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-32842P3HIGHCVSS 7.2≥ 2024 September Security Update, < 2024 September Security Update≥ 2022 SU6, < 2022 SU62024-09-12
CVE-2024-32842 [HIGH] CWE-89 CVE-2024-32842: An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a re An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-34782P3HIGHCVSS 7.2≥ 2024 November Security Update, < 2024 November Security Update≥ 2022 SU6 November Security Update, < 2022 SU6 November Security Update2024-11-13
CVE-2024-34782 [HIGH] CWE-89 CVE-2024-34782: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November S SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-34780P3HIGHCVSS 7.2≥ 2024 November Security Update, < 2024 November Security Update≥ 2022 SU6 November Security Update, < 2022 SU6 November Security Update2024-11-13
CVE-2024-34780 [HIGH] CWE-89 CVE-2024-34780: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November S SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-32844P3HIGHCVSS 7.2≥ 2024 November Security Update, < 2024 November Security Update≥ 2022 SU6 November Security Update, < 2022 SU6 November Security Update2024-11-13
CVE-2024-32844 [HIGH] CWE-89 CVE-2024-32844: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November S SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-34784P3HIGHCVSS 7.2≥ 2024 November Security Update, < 2024 November Security Update≥ 2022 SU6 November Security Update, < 2022 SU6 November Security Update2024-11-13
CVE-2024-34784 [HIGH] CWE-89 CVE-2024-34784: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November S SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd
CVE-2024-22058P3HIGHCVSS 7.8≥ 2021, ≤ 20212024-05-31
CVE-2024-22058 [HIGH] CWE-122 CVE-2024-22058: A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older.
nvd
Ivanti Epm vulnerabilities | cvebase