CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13170 – Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-13170
14 Jan 2025 — An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AlertService. The issue results from the lack of proper validation of the length o... • https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13171 – Ivanti Endpoint Manager Patch Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-13171
14 Jan 2025 — Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alternativel... • https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13172 – Ivanti Endpoint Manager HIIDriver Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-13172
14 Jan 2025 — Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alternatively... • https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.3EPSS: 1%CPEs: 1EXPL: 0CVE-2024-13158 – Ivanti Endpoint Manager MyResolveEventHandler Untrusted Search Path Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-13158
14 Jan 2025 — An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the MyResolveEventHandler method. The issue res... • https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-426: Untrusted Search Path •
CVSS: 9.8EPSS: 92%CPEs: 1EXPL: 2CVE-2024-13159 – Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2024-13159
14 Jan 2025 — Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. • https://packetstorm.news/files/id/189333 • CWE-36: Absolute Path Traversal •
CVSS: 9.8EPSS: 91%CPEs: 1EXPL: 1CVE-2024-13160 – Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2024-13160
14 Jan 2025 — Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. • https://packetstorm.news/files/id/189333 • CWE-36: Absolute Path Traversal •
CVSS: 9.8EPSS: 89%CPEs: 1EXPL: 1CVE-2024-13161 – Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2024-13161
14 Jan 2025 — Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. • https://packetstorm.news/files/id/189333 • CWE-36: Absolute Path Traversal •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2024-10811 – Ivanti EPM Credential Coercion
https://notcve.org/view.php?id=CVE-2024-10811
14 Jan 2025 — Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. • https://packetstorm.news/files/id/189333 • CWE-36: Absolute Path Traversal •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2024-13181 – Ivanti Avalanche SecureFilter allowPassThrough Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-13181
14 Jan 2025 — Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010. This vulnerability allows remote attackers to partially bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the allowPassThrough method. The issue results from incorrect string matching when making a... • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-7-Multiple-CVEs • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13180 – Ivanti Avalanche Faces ResourceManager Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-13180
14 Jan 2025 — Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Faces Mojarra component. The issue results from the use of a vulnerable third-party library. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-7-Multiple-CVEs • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •