Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Endpoint_manager
(Ivanti)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 86 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-12-10 | CVE-2024-10256 | Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files. | Endpoint_manager, Neurons_agent_platform, Neurons_for_patch_management, Patch_for_configuration_manager, Patch_software_development_kit, Security_controls | N/A | ||
| 2025-01-14 | CVE-2024-13158 | An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Endpoint_manager | N/A | ||
| 2025-01-14 | CVE-2024-13166 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | Endpoint_manager | N/A | ||
| 2025-01-14 | CVE-2024-13162 | SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848. | Endpoint_manager | N/A | ||
| 2025-01-14 | CVE-2024-13163 | Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | Endpoint_manager | N/A | ||
| 2025-01-14 | CVE-2024-13164 | An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. | Endpoint_manager | N/A | ||
| 2025-01-14 | CVE-2024-13165 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | Endpoint_manager | N/A | ||
| 2025-01-14 | CVE-2024-13167 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | Endpoint_manager | N/A | ||
| 2025-01-14 | CVE-2024-13168 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | Endpoint_manager | N/A | ||
| 2025-01-14 | CVE-2024-13169 | An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. | Endpoint_manager | N/A |