Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Endpoint_manager_mobile
(Ivanti)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-05-22 | CVE-2023-46806 | An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database. | Endpoint_manager_mobile | N/A | ||
| 2024-05-22 | CVE-2023-46807 | An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database. | Endpoint_manager_mobile | N/A | ||
| 2025-05-13 | CVE-2025-4427 | An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API. | Endpoint_manager_mobile | 7.5 | ||
| 2025-05-13 | CVE-2025-4428 | Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests. | Endpoint_manager_mobile | 8.8 | ||
| 2024-08-07 | CVE-2024-36132 | Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources. | Endpoint_manager_mobile | 7.5 | ||
| 2024-05-22 | CVE-2024-22026 | A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance. | Endpoint_manager_mobile | 6.7 | ||
| 2024-08-07 | CVE-2024-36130 | An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance. | Endpoint_manager_mobile | 9.8 | ||
| 2023-08-15 | CVE-2023-35082 | An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier. | Endpoint_manager_mobile | 9.8 | ||
| 2023-07-25 | CVE-2023-35078 | An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | Endpoint_manager_mobile | 9.8 | ||
| 2023-08-03 | CVE-2023-35081 | A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance. | Endpoint_manager_mobile | 7.2 |