CVSS: 9.8EPSS: 89%CPEs: 1EXPL: 1CVE-2024-13161 – Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2024-13161
14 Jan 2025 — Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. • https://packetstorm.news/files/id/189333 • CWE-36: Absolute Path Traversal •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2024-10811 – Ivanti EPM Credential Coercion
https://notcve.org/view.php?id=CVE-2024-10811
14 Jan 2025 — Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. • https://packetstorm.news/files/id/189333 • CWE-36: Absolute Path Traversal •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10256
https://notcve.org/view.php?id=CVE-2024-10256
10 Dec 2024 — Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Patch-SDK-CVE-2024-10256 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 0CVE-2024-50330 – Ivanti Endpoint Manager GetComputerID SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-50330
12 Nov 2024 — SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the GetComputerID method. The issue results from the lack of proper validation of a... • https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 0CVE-2024-50329 – Ivanti Endpoint Manager vulscan Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-50329
12 Nov 2024 — Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ... • https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 3%CPEs: 1EXPL: 0CVE-2024-50328 – Ivanti Endpoint Manager GetDetectedVulnerabilitiesDataTable SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-50328
12 Nov 2024 — SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetDetectedVulnerabilitiesDataTable method. The issue results f... • https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 3%CPEs: 1EXPL: 0CVE-2024-50327 – Ivanti Endpoint Manager ROI SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-50327
12 Nov 2024 — SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the ROI class. The issue results from the lack of proper validation of a user-supplied st... • https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 3%CPEs: 1EXPL: 0CVE-2024-50326 – Ivanti Endpoint Manager serverStorage SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-50326
12 Nov 2024 — SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the serverStorage class. The issue results from the lack of proper validation of a user-s... • https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 8%CPEs: 1EXPL: 0CVE-2024-50324 – Ivanti Endpoint Manager GetFilePath Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-50324
12 Nov 2024 — Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetFilePath method. The issue results from the lack of proper ... • https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50323 – Ivanti Endpoint Manager TestAllowedSQL SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-50323
12 Nov 2024 — SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alternatively, no user interaction is require... • https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •