
CVE-2024-13159 – Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2024-13159
14 Jan 2025 — Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. • https://packetstorm.news/files/id/189333 • CWE-36: Absolute Path Traversal

CVE-2024-13160 – Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2024-13160
14 Jan 2025 — Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. • https://packetstorm.news/files/id/189333 • CWE-36: Absolute Path Traversal

CVE-2024-13161 – Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2024-13161
14 Jan 2025 — Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. • https://packetstorm.news/files/id/189333 • CWE-36: Absolute Path Traversal

CVE-2024-10811 – Ivanti EPM Credential Coercion
https://notcve.org/view.php?id=CVE-2024-10811
14 Jan 2025 — Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. • https://packetstorm.news/files/id/189333 • CWE-36: Absolute Path Traversal

CVE-2024-10256
https://notcve.org/view.php?id=CVE-2024-10256
10 Dec 2024 — Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Patch-SDK-CVE-2024-10256 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2024-34781 – Ivanti Endpoint Manager Report_Run SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-34781
13 Nov 2024 — SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the Report_Run class. The issue results from the lack of proper validation of a user-supp... • https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-34782 – Ivanti Endpoint Manager PatchHistory SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-34782
13 Nov 2024 — SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the PatchHistory class. The issue results from the lack of proper validation of a user-su... • https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-34784 – Ivanti Endpoint Manager DBDR SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-34784
13 Nov 2024 — SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the DBDR class. The issue results from the lack of proper validatio... • https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-37376 – Ivanti Endpoint Manager Report_RunPatch SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-37376
13 Nov 2024 — SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the Report_RunPatch class. The issue results from the lack of proper validation of a user... • https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-34787 – Ivanti Endpoint Manager EFile Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-34787
13 Nov 2024 — Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alternatively, no user interaction is requir... • https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')