NotCVE - vendor:"Ivanti" product:"Endpoint Manager"

Page 2 of 79 results (0.001 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-13166 – Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability

https://notcve.org/view.php?id=CVE-2024-13166

14 Jan 2025 — An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AlertService. The issue results from the lack of proper validation of the length o... • https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-13167 – Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability

https://notcve.org/view.php?id=CVE-2024-13167

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-13168 – Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability

https://notcve.org/view.php?id=CVE-2024-13168

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-13169 – Ivanti Endpoint Manager AlertService Type Confusion Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2024-13169

14 Jan 2025 — An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. This vulnerability allows local attackers to disclose sensitive information on affected installations of Ivanti Endpoint Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AlertService. The iss... • https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6 • CWE-125: Out-of-bounds Read CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-13170 – Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability

https://notcve.org/view.php?id=CVE-2024-13170

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-13171 – Ivanti Endpoint Manager Patch Unrestricted File Upload Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2024-13171

14 Jan 2025 — Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alternativel... • https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-13172 – Ivanti Endpoint Manager HIIDriver Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2024-13172

14 Jan 2025 — Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alternatively... • https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6 • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 8.3EPSS: 1%CPEs: 1EXPL: 0

CVE-2024-13158 – Ivanti Endpoint Manager MyResolveEventHandler Untrusted Search Path Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2024-13158

14 Jan 2025 — An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the MyResolveEventHandler method. The issue res... • https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-426: Untrusted Search Path •

CVSS: 9.8EPSS: 92%CPEs: 1EXPL: 2

CVE-2024-13159 – Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

https://notcve.org/view.php?id=CVE-2024-13159

14 Jan 2025 — Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. • https://packetstorm.news/files/id/189333 • CWE-36: Absolute Path Traversal •

CVSS: 9.8EPSS: 91%CPEs: 1EXPL: 1

CVE-2024-13160 – Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

https://notcve.org/view.php?id=CVE-2024-13160

1 2 3 4 5