Show filters
177 Total Results
Displaying 21-30 of 177
Sort by:
Attacker Value
Unknown

CVE-2024-13162

Disclosure Date: January 14, 2025 (last updated January 15, 2025)
SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848.
0
0
Attacker Value
Unknown

CVE-2024-13161

Disclosure Date: January 14, 2025 (last updated February 23, 2025)
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
0
0
Attacker Value
Unknown

CVE-2024-13160

Disclosure Date: January 14, 2025 (last updated February 23, 2025)
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
0
0
Attacker Value
Unknown

CVE-2024-13159

Disclosure Date: January 14, 2025 (last updated February 23, 2025)
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
0
0
Attacker Value
Unknown

CVE-2024-13158

Disclosure Date: January 14, 2025 (last updated January 15, 2025)
An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
0
0
Attacker Value
Unknown

CVE-2024-10811

Disclosure Date: January 14, 2025 (last updated February 23, 2025)
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
0
0
Attacker Value
Unknown

CVE-2024-10256

Disclosure Date: December 10, 2024 (last updated December 21, 2024)
Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files.
0
0
Attacker Value
Unknown

CVE-2024-50330

Disclosure Date: November 12, 2024 (last updated November 13, 2024)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution.
0
0
Attacker Value
Unknown

CVE-2024-50329

Disclosure Date: November 12, 2024 (last updated November 19, 2024)
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-50328

Disclosure Date: November 12, 2024 (last updated November 19, 2024)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
View More Topics  < Previous  Next >