Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
endpoint manager vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-44529
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
Ivanti Endpoint Manager Cloud Services Appliance
Ivanti Endpoint Manager Cloud Services Appliance 4.6
2 Github repositories
8.8
CVSSv3
CVE-2015-4952
The on-demand plugin in IBM Endpoint Manager for Remote Control 9.0.1 and 9.1.0 allows user-assisted remote malicious users to execute arbitrary code via unspecified vectors. IBM X-Force ID: 105196.
Ibm Endpoint Manager For Remote Control 9.1.0
Ibm Endpoint Manager For Remote Control 9.0.1
7.8
CVSSv3
CVE-2020-13770
Several services are accessing named pipes in Ivanti Endpoint Manager up to and including 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can be used to escalate privileges from a local sta...
Ivanti Endpoint Manager
8.8
CVSSv3
CVE-2020-13769
LDMS/alert_log.aspx in Ivanti Endpoint Manager up to and including 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request.
Ivanti Endpoint Manager
5.3
CVSSv3
CVE-2020-13772
In /ldclient/ldprov.cgi in Ivanti Endpoint Manager up to and including 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required.
Ivanti Endpoint Manager
9.8
CVSSv3
CVE-2023-28324
A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.
Ivanti Endpoint Manager
7.8
CVSSv3
CVE-2022-35259
XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges.
Ivanti Endpoint Manager
7.8
CVSSv3
CVE-2020-13771
Various components in Ivanti Endpoint Manager up to and including 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (and elevation of privileges to the level of privilege held by the vul...
Ivanti Endpoint Manager
5.4
CVSSv3
CVE-2020-13773
Ivanti Endpoint Manager up to and including 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/q...
Ivanti Endpoint Manager
9.8
CVSSv3
CVE-2023-39335
A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized ac...
Ivanti Endpoint Manager Mobile
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hard-coded
CVE-2024-27202
NULL pointer dereference
CVE-2024-28075
CVE-2024-33608
CVE-2024-28889
CVE-2024-34572
template injection
CVE-2024-34351
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »