Endpoint Manager

endpoint_manager

Vendor: Ivanti • 116 CVEs

CVEs (116)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-8111 1Ivanti 1Endpoint Manager May 12, 2026 May 12, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution.
CVE-2026-8110 1Ivanti 1Endpoint Manager May 12, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges.
CVE-2026-8109 1Ivanti 1Endpoint Manager May 12, 2026 May 12, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials.
CVE-2026-1603 1Ivanti 1Endpoint Manager Mar 10, 2026 Feb 10, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.
CVE-2026-1602 1Ivanti 1Endpoint Manager Feb 12, 2026 Feb 10, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-13662 1Ivanti 1Endpoint Manager Dec 11, 2025 Dec 9, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Intera...Show more Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required.Show less
CVE-2025-13661 1Ivanti 1Endpoint Manager Dec 11, 2025 Dec 9, 2025 N/A· v4 8.0 HIGH· v3 N/A· v2 Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required.
CVE-2025-13659 1Ivanti 1Endpoint Manager Dec 11, 2025 Dec 9, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to rem...Show more Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.Show less
CVE-2025-10573 1Ivanti 1Endpoint Manager Dec 11, 2025 Dec 9, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.
CVE-2025-10918 1Ivanti 1Endpoint Manager Nov 17, 2025 Nov 11, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk
CVE-2025-62392 1Ivanti 1Endpoint Manager Feb 10, 2026 Oct 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62391 1Ivanti 1Endpoint Manager Feb 10, 2026 Oct 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62390 1Ivanti 1Endpoint Manager Feb 10, 2026 Oct 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62389 1Ivanti 1Endpoint Manager Feb 10, 2026 Oct 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62388 1Ivanti 1Endpoint Manager Feb 10, 2026 Oct 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62387 1Ivanti 1Endpoint Manager Feb 10, 2026 Oct 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62386 1Ivanti 1Endpoint Manager Feb 10, 2026 Oct 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62385 1Ivanti 1Endpoint Manager Feb 10, 2026 Oct 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62384 1Ivanti 1Endpoint Manager Feb 10, 2026 Oct 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62383 1Ivanti 1Endpoint Manager Feb 10, 2026 Oct 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

12 3 4 5 6 Next