Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ivanti endpoint manager vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-38343
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager prior to 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Re...
Ivanti Endpoint Manager 2022
Ivanti Endpoint Manager
7.2
CVSSv3
CVE-2023-35081
A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.
Ivanti Endpoint Manager Mobile
1 Github repository
3 Articles
6.7
CVSSv3
CVE-2024-22026
A local privilege escalation vulnerability in EPMM prior to 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance.
Ivanti Endpoint Manager Mobile
1 Github repository
6.7
CVSSv3
CVE-2022-30121
The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system.
Ivanti Endpoint Manager 2021.1.1
Ivanti Endpoint Manager
6.5
CVSSv3
CVE-2023-35083
Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information.
Ivanti Endpoint Manager 2022
Ivanti Endpoint Manager
6.5
CVSSv3
CVE-2023-38344
An issue exists in Ivanti Endpoint Manager prior to 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowi...
Ivanti Endpoint Manager 2022
Ivanti Endpoint Manager
6.3
CVSSv3
CVE-2019-12375
Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution.
Ivanti Landesk Management Suite 10.0.1.168
5.4
CVSSv3
CVE-2020-13773
Ivanti Endpoint Manager up to and including 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/q...
Ivanti Endpoint Manager
5.3
CVSSv3
CVE-2020-13772
In /ldclient/ldprov.cgi in Ivanti Endpoint Manager up to and including 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required.
Ivanti Endpoint Manager
4.5
CVSSv3
CVE-2019-12376
Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges.
Ivanti Landesk Management Suite 10.0.1.168
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »