Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ivanti endpoint manager vulnerabilities and exploits
(subscribe to this query)
9.9
CVSSv3
CVE-2020-13774
An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated malicious user to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and in...
Ivanti Endpoint Manager 2019.1
Ivanti Endpoint Manager 2020.1
9.8
CVSSv3
CVE-2023-39335
A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized ac...
Ivanti Endpoint Manager Mobile
9.8
CVSSv3
CVE-2023-35084
Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an malicious user to execute commands remotely.
Ivanti Endpoint Manager 2022
Ivanti Endpoint Manager
9.8
CVSSv3
CVE-2023-35082
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.
Ivanti Endpoint Manager Mobile
1 Article
9.8
CVSSv3
CVE-2023-35078
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
Ivanti Endpoint Manager Mobile
9 Github repositories
4 Articles
9.8
CVSSv3
CVE-2023-28324
A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.
Ivanti Endpoint Manager
9.8
CVSSv3
CVE-2023-28323
A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or...
Ivanti Endpoint Manager 2022
Ivanti Endpoint Manager
9.8
CVSSv3
CVE-2022-27773
A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges.
Ivanti Endpoint Manager 2021.1
Ivanti Endpoint Manager
Ivanti Endpoint Manager 2022
9.8
CVSSv3
CVE-2021-44529
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
Ivanti Endpoint Manager Cloud Services Appliance
Ivanti Endpoint Manager Cloud Services Appliance 4.6
2 Github repositories
9.8
CVSSv3
CVE-2019-10651
An issue exists in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x prior to 2018.3 SU3, with remote code execution. In other words, the issue affects 2017.3, 2018.1, and 2018.3 installations that lack the April 2019 update.
Ivanti Endpoint Manager 2018.3
Ivanti Endpoint Manager 2018.1
Ivanti Endpoint Manager 2017.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »