Show filters
45 Total Results
Displaying 1-10 of 45
Sort by:
Attacker Value
Very High

CVE-2024-29824

Disclosure Date: May 31, 2024 (last updated October 04, 2024)
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
Attack Vector: Adjacent NetworkPrivileges: NoneUser Interaction: None
2
1
Attacker Value
Unknown

CVE-2023-39336

Disclosure Date: January 09, 2024 (last updated January 13, 2024)
An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server.
Attack Vector: Adjacent NetworkPrivileges: NoneUser Interaction: None
1
0
Attacker Value
Unknown

CVE-2024-50329

Disclosure Date: November 12, 2024 (last updated November 19, 2024)
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-50328

Disclosure Date: November 12, 2024 (last updated November 19, 2024)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-50327

Disclosure Date: November 12, 2024 (last updated November 19, 2024)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-50326

Disclosure Date: November 12, 2024 (last updated November 19, 2024)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-50324

Disclosure Date: November 12, 2024 (last updated November 19, 2024)
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-50323

Disclosure Date: November 12, 2024 (last updated November 19, 2024)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-50322

Disclosure Date: November 12, 2024 (last updated November 19, 2024)
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-34785

Disclosure Date: September 12, 2024 (last updated September 13, 2024)
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
View More Topics  Next >