Product: Ivanti Endpoint Manager
116 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-8111
<= 2022
SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to ac
8.8
HIGH
CVE-2026-8110
<= 2022
Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticat
7.8
HIGH
CVE-2026-8109
<= 2022
An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenti
6.5
MEDIUM
CVE-2026-1603
< 2024
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak speci
8.6
HIGH
CVE-2026-1602
< 2024
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data fro
6.5
MEDIUM
CVE-2025-13662
< 2024
Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 20
7.8
HIGH
CVE-2025-13661
< 2024
Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary
7.1
HIGH
CVE-2025-13659
< 2024
Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, u
8.8
HIGH
CVE-2025-10573
< 2024
Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary
9.6
CRITICAL
CVE-2025-10918
< 2024
Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker
7.1
HIGH
CVE-2025-62392
< 2024
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data fro
6.5
MEDIUM
CVE-2025-62391
< 2024
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data fro
6.5
MEDIUM
CVE-2025-62390
< 2024
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data fro
6.5
MEDIUM
CVE-2025-62389
< 2024
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data fro
6.5
MEDIUM
CVE-2025-62388
< 2024
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data fro
6.5
MEDIUM
CVE-2025-62387
< 2024
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data fro
6.5
MEDIUM
CVE-2025-62386
< 2024
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data fro
6.5
MEDIUM
CVE-2025-62385
< 2024
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data fro
6.5
MEDIUM
CVE-2025-62384
< 2024
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data fro
6.5
MEDIUM
CVE-2025-62383
< 2024
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data fro
6.5
MEDIUM
CVE-2025-11623
< 2024
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data fr
6.5
MEDIUM
CVE-2025-9713
< 2024
Path traversal in Ivanti Endpoint Manager before version 2024 SU4 allows a remote unauthenticated attacker to achieve remote code
8.8
HIGH
CVE-2025-11622
< 2024
Insecure deserialization in Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to escalate thei
7.8
HIGH
CVE-2025-9872
< 2022
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated a
8.8
HIGH
CVE-2025-9712
< 2022
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated a
8.8
HIGH
CVE-2025-7037
< 2022
SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated atta
7.2
HIGH
CVE-2025-6996
< 2022
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a
8.4
HIGH
CVE-2025-6995
< 2022
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a
8.4
HIGH
CVE-2025-22466
< 2022
Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attack
8.2
HIGH
CVE-2025-22465
< 2022
Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attack
6.1
MEDIUM
CVE-2025-22464
< 2022
An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allow
6.1
MEDIUM
CVE-2025-22461
< 2022
SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker
7.2
HIGH
CVE-2025-22459
< 2022
Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unau
4.8
MEDIUM
CVE-2025-22458
< 2022
DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to es
7.8
HIGH
CVE-2024-13172
< 2022
Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Upda
7.8
HIGH
CVE-2024-13171
< 2022
Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Upd
7.8
HIGH
CVE-2024-13170
< 2022
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows
7.5
HIGH
CVE-2024-13169
< 2022
An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows
7.8
HIGH
CVE-2024-13168
< 2022
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows
7.5
HIGH
CVE-2024-13167
< 2022
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows
7.5
HIGH
CVE-2024-13166
< 2022
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows
7.5
HIGH
CVE-2024-13165
< 2022
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows
7.5
HIGH
CVE-2024-13164
< 2022
An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update all
7.8
HIGH
CVE-2024-13163
< 2022
Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Up
7.8
HIGH
CVE-2024-13162
< 2022
SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote
7.2
HIGH
CVE-2024-13161
< 2022
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allow
9.8
CRITICAL
CVE-2024-13160
< 2022
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allow
9.8
CRITICAL
CVE-2024-13159
< 2022
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allow
9.8
CRITICAL
CVE-2024-13158
< 2024
An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Up
7.2
HIGH
CVE-2024-10811
< 2022
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allow
9.8
CRITICAL
CVE-2024-10256
all versions
Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary file
7.1
HIGH
CVE-2024-37376
< 2022
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote
7.2
HIGH
CVE-2024-34787
< 2022
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local
7.8
HIGH
CVE-2024-34784
< 2022
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote
7.2
HIGH
CVE-2024-34782
< 2022
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote
7.2
HIGH
CVE-2024-34781
< 2022
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote
7.2
HIGH
CVE-2024-34780
< 2022
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote
7.2
HIGH
CVE-2024-32847
< 2022
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote
7.2
HIGH
CVE-2024-32844
< 2022
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote
7.2
HIGH
CVE-2024-32841
< 2022
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote
7.2
HIGH
CVE-2024-32839
< 2022
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote
7.2
HIGH
CVE-2024-50330
< 2022
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remot
9.8
CRITICAL
CVE-2024-50329
< 2022
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remo
8.8
HIGH
CVE-2024-50328
< 2022
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remot
7.2
HIGH
CVE-2024-50327
< 2022
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remot
7.2
HIGH
CVE-2024-50326
< 2022
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remot
7.2
HIGH
CVE-2024-50324
< 2022
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remo
7.2
HIGH
CVE-2024-50323
< 2022
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local
7.8
HIGH
CVE-2024-50322
< 2022
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a loca
7.8
HIGH
CVE-2024-37397
< 2022
An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September up
8.2
HIGH
CVE-2024-34785
< 2022
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker wi
7.2
HIGH
CVE-2024-34783
< 2022
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker wi
7.2
HIGH
CVE-2024-34779
< 2022
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker wi
7.2
HIGH
CVE-2024-32848
< 2022
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker wi
7.2
HIGH
CVE-2024-32846
< 2022
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker wi
7.2
HIGH
CVE-2024-32845
< 2022
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker wi
7.2
HIGH
CVE-2024-32843
< 2022
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker wi
7.2
HIGH
CVE-2024-32842
< 2022
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker wi
7.2
HIGH
CVE-2024-32840
< 2022
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker wi
7.2
HIGH
CVE-2024-29847
< 2022
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote
9.8
CRITICAL
CVE-2024-8441
< 2022
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated
6.7
MEDIUM
CVE-2024-8322
< 2022
Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated
4.3
MEDIUM
CVE-2024-8321
< 2022
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenti
5.8
MEDIUM
CVE-2024-8320
< 2022
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenti
5.3
MEDIUM
CVE-2024-8191
< 2022
SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticate
7.8
HIGH
CVE-2024-37381
all versions
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same
8.0
HIGH
CVE-2024-29846
< 2022
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within
8.0
HIGH
CVE-2024-29830
< 2022
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within
8.0
HIGH
CVE-2024-29829
< 2022
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within
8.0
HIGH
CVE-2024-29828
< 2022
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within
8.0
HIGH
CVE-2024-29827
< 2022
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker with
8.8
HIGH
CVE-2024-29826
< 2022
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker with
8.8
HIGH
CVE-2024-29825
< 2022
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker with
8.8
HIGH
CVE-2024-29824
< 2022
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker with
8.8
HIGH
CVE-2024-29823
< 2022
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker with
8.8
HIGH
CVE-2024-29822
< 2022
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker with
8.8
HIGH
CVE-2024-22058
<= 2021.1
A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with
7.8
HIGH
CVE-2023-39336
< 2022
An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access
8.8
HIGH
CVE-2023-35084
< 2022
Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and al
9.8
CRITICAL
CVE-2023-35083
< 2022
Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 a
6.5
MEDIUM
CVE-2023-38344
< 2022
An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents
6.5
MEDIUM
CVE-2023-38343
< 2022
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. Exte
7.5
HIGH
CVE-2023-35077
< 7.9.1.285
An out-of-bounds write vulnerability on Windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti A
7.5
HIGH
CVE-2023-28324
<= 2022
An improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation o
9.8
CRITICAL
CVE-2023-28323
< 2022
A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate r
9.8
CRITICAL
CVE-2022-35259
<= 2022.3
XML Injection with Endpoint Manager 2022.3 and below causing a download of a malicious file to run and possibly execute to gain u
7.8
HIGH
CVE-2022-27773
< 2021.1
A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands
9.8
CRITICAL
CVE-2022-30121
< 2021.1.1
The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for sign
6.7
MEDIUM
CVE-2020-13773
<= 2020.1.1
Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.
5.4
MEDIUM
CVE-2020-13772
<= 2020.1.1
In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server
5.3
MEDIUM
CVE-2020-13769
<= 2020.1
LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request.
8.8
HIGH
CVE-2020-13774
all versions
An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated
9.9
CRITICAL
CVE-2020-13771
<= 2020.1.1
Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library f
7.8
HIGH
CVE-2020-13770
<= 2020.1.1
Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security
7.8
HIGH
CVE-2019-10651
all versions
An issue was discovered in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x before 2018.3 SU3, with r
9.8
CRITICAL
CVE-2017-11463
all versions
In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Refer
8.8
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin