Total
45 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-50327 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.2 HIGH |
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
CVE-2024-50326 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.2 HIGH |
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
CVE-2024-50328 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.2 HIGH |
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
CVE-2024-50329 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 8.8 HIGH |
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. | |||||
CVE-2024-50324 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.2 HIGH |
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
CVE-2024-50323 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.8 HIGH |
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | |||||
CVE-2024-50322 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.8 HIGH |
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | |||||
CVE-2024-29846 | 1 Ivanti | 1 Endpoint Manager | 2024-10-03 | N/A | 8.0 HIGH |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | |||||
CVE-2024-29830 | 1 Ivanti | 1 Endpoint Manager | 2024-10-03 | N/A | 8.0 HIGH |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | |||||
CVE-2024-29829 | 1 Ivanti | 1 Endpoint Manager | 2024-10-03 | N/A | 8.0 HIGH |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | |||||
CVE-2024-29828 | 1 Ivanti | 1 Endpoint Manager | 2024-10-03 | N/A | 8.0 HIGH |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | |||||
CVE-2024-29827 | 1 Ivanti | 1 Endpoint Manager | 2024-10-03 | N/A | 8.8 HIGH |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||
CVE-2024-29826 | 1 Ivanti | 1 Endpoint Manager | 2024-10-03 | N/A | 8.8 HIGH |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||
CVE-2024-29825 | 1 Ivanti | 1 Endpoint Manager | 2024-10-03 | N/A | 8.8 HIGH |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||
CVE-2024-29824 | 1 Ivanti | 1 Endpoint Manager | 2024-10-03 | N/A | 8.8 HIGH |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||
CVE-2024-29823 | 1 Ivanti | 1 Endpoint Manager | 2024-10-03 | N/A | 8.8 HIGH |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||
CVE-2024-29822 | 1 Ivanti | 1 Endpoint Manager | 2024-10-03 | N/A | 8.8 HIGH |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||
CVE-2023-28324 | 1 Ivanti | 1 Endpoint Manager | 2024-09-25 | N/A | 9.8 CRITICAL |
A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. | |||||
CVE-2023-38344 | 1 Ivanti | 1 Endpoint Manager | 2024-09-25 | N/A | 6.5 MEDIUM |
An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a remote system, including the private key used to authenticate to agents for remote access. | |||||
CVE-2024-34785 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | N/A | 7.2 HIGH |
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. |