cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10256,https://securityvulnerability.io/vulnerability/CVE-2024-10256,Local Authenticated Attacker Can Delete Arbitrary Files in Ivanti Patch SDK Before v9.7.703,"The vulnerability presents a scenario where the Ivanti Patch SDK before version 9.7.703 exposes insufficient permissions, allowing a local authenticated attacker to execute unauthorized file deletions. This weakness could lead to significant disruptions in software management and maintenance operations, as sensitive files may be targeted and removed without proper permissions.",Ivanti,"Patch Sdk,Endpoint Manager,Security Controls,Patch For Configuration Manager,Neurons For Patch Management,Neurons Agent Platform",7.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-12-10T18:46:01.911Z,0
CVE-2024-50322,https://securityvulnerability.io/vulnerability/CVE-2024-50322,Path Traversal Vulnerability in Ivanti Endpoint Manager,"A path traversal vulnerability exists in Ivanti Endpoint Manager that enables a local unauthenticated attacker to execute arbitrary code on affected systems. The vulnerability specifically arises due to improper validation of file paths in the application. An attacker must interact with the system to exploit this flaw, thereby posing a risk to systems running vulnerable versions of the software. 
It is crucial for organizations using Ivanti Endpoint Manager to apply the relevant security updates to mitigate potential threats.",Ivanti,Endpoint Manager,7.8,HIGH,0.002300000051036477,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-50330,https://securityvulnerability.io/vulnerability/CVE-2024-50330,Remote Code Execution Vulnerability in Ivanti Endpoint Manager,"A vulnerability exists in Ivanti Endpoint Manager due to improper handling of SQL queries, allowing remote unauthenticated attackers to perform SQL injection attacks. This flaw could enable attackers to execute arbitrary code on the affected system, compromising security and potentially leading to unauthorized access to sensitive data. Users are advised to update to the latest security versions to mitigate risks associated with this vulnerability.",Ivanti,Endpoint Manager,9.8,CRITICAL,0.0006500000017695129,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-50329,https://securityvulnerability.io/vulnerability/CVE-2024-50329,Path Traversal Vulnerability in Ivanti Endpoint Manager,"A path traversal vulnerability in Ivanti Endpoint Manager allows remote unauthenticated attackers to execute arbitrary code on affected systems. This security flaw exists in versions released before the November 2024 Security Update and the November Security Update for SU6 of 2022. Due to the nature of the vulnerability, user interaction is required, complicating the exploit but still leaving systems at risk without adequate mitigation strategies. 
Organizations utilizing Ivanti Endpoint Manager are urged to apply the latest security updates promptly to safeguard against potential exploits.",Ivanti,Endpoint Manager,8.8,HIGH,0.007840000092983246,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-50328,https://securityvulnerability.io/vulnerability/CVE-2024-50328,SQL Injection Vulnerability in Ivanti Endpoint Manager,"The vulnerability in Ivanti Endpoint Manager arises from an SQL injection flaw which allows a remote authenticated attacker, possessing admin privileges, to exploit the system. This exploitation can lead to remote code execution, potentially compromising the integrity and security of the affected systems. The vulnerability exists in versions released prior to the November 2024 Security Update, as well as the November 2022 Security Update for version 2022 SU6. Organizations utilizing these versions should prioritize updating to safeguard their systems against potential threats.",Ivanti,Endpoint Manager,7.2,HIGH,0.003700000001117587,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-50327,https://securityvulnerability.io/vulnerability/CVE-2024-50327,SQL Injection Vulnerability in Ivanti Endpoint Manager,"An SQL injection vulnerability has been identified in Ivanti Endpoint Manager, affecting versions prior to the November 2024 Security Update and the November 2022 SU6 Update. This vulnerability allows remote authenticated attackers with administrative privileges to execute arbitrary code, which could lead to significant compromise of affected systems. 
Organizations utilizing this product should assess their current deployment and apply the necessary security updates to mitigate potential risks associated with this vulnerability.",Ivanti,Endpoint Manager,7.2,HIGH,0.003700000001117587,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-50326,https://securityvulnerability.io/vulnerability/CVE-2024-50326,SQL Injection Vulnerability in Ivanti Endpoint Manager,"A SQL injection vulnerability exists within Ivanti Endpoint Manager versions prior to the November 2024 Security Update and the November 2022 SU6 Security Update. This vulnerability can be exploited by remote authenticated attackers possessing administrative privileges, enabling them to perform remote code execution. The flaw impacts the integrity and security of applications that rely on Ivanti Endpoint Manager for system management, posing significant risks to user data and operational continuity. Organizations using this software must apply the necessary updates to mitigate potential threats.",Ivanti,Endpoint Manager,7.2,HIGH,0.003700000001117587,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-50324,https://securityvulnerability.io/vulnerability/CVE-2024-50324,Path Traversal Vulnerability in Ivanti Endpoint Manager,"A path traversal vulnerability exists in Ivanti Endpoint Manager that permits a remote authenticated attacker with administrative privileges to gain unauthorized access and execute arbitrary code. This flaw impacts versions of the product released prior to the November 2024 Security Update, as well as versions before the November 2022 SU6. Attackers can exploit this vulnerability to bypass security settings, potentially leading to severe ramifications for system integrity and data protection. 
Timely updates and security patches are crucial to mitigating this risk.",Ivanti,Endpoint Manager,7.2,HIGH,0.0064199999906122684,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-50323,https://securityvulnerability.io/vulnerability/CVE-2024-50323,SQL Injection Vulnerability in Ivanti Endpoint Manager Affects Local Security,"A SQL injection vulnerability exists in Ivanti Endpoint Manager that allows a local unauthenticated attacker to execute arbitrary code. This vulnerability is present in versions prior to the November 2024 Security Update and in the 2022 SU6 release before its own November Security Update. User interaction is needed to exploit this security flaw, which poses a risk to the integrity and confidentiality of systems relying on the affected software.",Ivanti,Endpoint Manager,7.8,HIGH,0.0011399999493733048,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-7612,https://securityvulnerability.io/vulnerability/CVE-2024-7612,Insecure Permissions in Ivanti EPMM Allow Unauthorized Access to Sensitive Configuration Files,"The vulnerability in Ivanti Endpoint Manager Mobile (EPMM) arises from improperly configured permissions that potentially allow a local authenticated attacker to modify sensitive application components. With this flaw, an attacker who has legitimate access can leverage the vulnerabilities to alter critical settings and functionalities, posing significant risks to system integrity and user data security. 
Immediate actions to rectify permissions are essential to mitigate these risks and enhance the overall security posture of the application.",Ivanti,Endpoint Manager Mobile,7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-10-08T16:17:29.116Z,0
CVE-2024-8441,https://securityvulnerability.io/vulnerability/CVE-2024-8441,Uncontrolled Search Path Vuln in Ivanti EPM Affects Local Admin Privileges,"An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.",Ivanti,Endpoint Manager,6.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T21:15:00.000Z,0
CVE-2024-8322,https://securityvulnerability.io/vulnerability/CVE-2024-8322,Remote Access Vulnerability in Ivanti EPM Before 2022 SU6 or 2024 September Update,"The vulnerability in Ivanti Endpoint Manager stems from weak authentication mechanisms present in its patch management system. This flaw allows remote authenticated attackers to gain unauthorized access to restricted functionalities of the software. As a result, sensitive data and essential system controls may be compromised, leading to potential exploitation. Organizations using Ivanti Endpoint Manager should promptly review security advisories and implement appropriate updates to safeguard their environments.",Ivanti,Endpoint Manager,8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-09-10T21:15:00.000Z,0
CVE-2024-8321,https://securityvulnerability.io/vulnerability/CVE-2024-8321,Unauthorized Network Isolation Vulnerability in Ivanti EPM Before 2022 SU6 and 2024 September Update,"An authentication vulnerability exists in the Network Isolation feature of Ivanti Endpoint Manager. This flaw allows remote attackers to isolate managed devices from the network without proper authentication. 
Attackers can exploit this vulnerability on affected versions of Ivanti Endpoint Manager prior to the 2022 SU6 or the September 2024 update, leading to potential unauthorized network access and control over isolated devices.",Ivanti,Endpoint Manager,8.6,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-09-10T21:15:00.000Z,0
CVE-2024-8320,https://securityvulnerability.io/vulnerability/CVE-2024-8320,Remote Unauthorized Access to Network Isolation in Ivanti EPM Before 2022 SU6 or 2024 September Update,"The vulnerability involves a significant missing authentication flaw within the network isolation of Ivanti Endpoint Manager products. This issue permits a remote unauthenticated attacker to exploit the vulnerabilities, enabling them to spoof the network isolation status of managed devices. As a result, attackers can potentially manipulate device visibility and network policies without any authentication, posing a serious risk to the integrity and security of the managed network. Organizations using affected versions of Ivanti EPM should prioritize reviewing security measures and apply the latest updates to mitigate potential risks.",Ivanti,Endpoint Manager,5.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-09-10T21:15:00.000Z,0
CVE-2024-8191,https://securityvulnerability.io/vulnerability/CVE-2024-8191,Remote Code Execution Vulnerability in Ivanti EPM Management Console,"A vulnerability exists in the management console of Ivanti Endpoint Manager that allows remote unauthenticated attackers to exploit an SQL injection flaw. This vulnerability affects versions of Ivanti EPM released before the 2022 SU6 update as well as the September 2024 update. 
Successfully exploiting this flaw can enable attackers to execute arbitrary code on the affected systems, posing a serious risk to data integrity and system security.",Ivanti,Endpoint Manager,9.8,CRITICAL,0.007379999849945307,false,false,false,false,,false,false,2024-09-10T21:15:00.000Z,0
CVE-2023-39336,https://securityvulnerability.io/vulnerability/CVE-2023-39336,Unspecified SQL Injection Vulnerability Affects Ivanti Endpoint Manager Prior to 2022 SU 5,"An SQL Injection vulnerability exists within Ivanti Endpoint Manager versions released before 2022 SU 5, permitting attackers with internal network access to execute arbitrary SQL queries without authentication. This flaw poses a risk of unauthorized data retrieval and may lead to remote code execution on the core server under certain conditions. Organizations using the affected software should assess their security posture and implement necessary mitigations to protect their systems from potential exploitation.",Ivanti,Endpoint Manager,8.8,HIGH,0.0005300000193528831,false,false,false,false,,false,false,2024-01-09T02:15:00.000Z,0
CVE-2023-35083,https://securityvulnerability.io/vulnerability/CVE-2023-35083,,Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information.,Ivanti,Endpoint Manager,6.5,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2023-10-18T04:15:00.000Z,0
CVE-2023-35084,https://securityvulnerability.io/vulnerability/CVE-2023-35084,,"Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely.",Ivanti,Endpoint Manager,9.8,CRITICAL,0.0014900000533089042,false,false,false,false,,false,false,2023-10-18T04:15:00.000Z,0
CVE-2023-38343,https://securityvulnerability.io/vulnerability/CVE-2023-38343,,An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery.,Ivanti,Endpoint Manager,7.5,HIGH,0.0012000000569969416,false,false,false,false,,false,false,2023-09-21T00:00:00.000Z,0
CVE-2023-38344,https://securityvulnerability.io/vulnerability/CVE-2023-38344,,"An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a remote system, including the private key used to authenticate to agents for remote access.",Ivanti,Endpoint Manager,6.5,MEDIUM,0.0006200000061653554,false,false,false,false,,false,false,2023-09-21T00:00:00.000Z,0
CVE-2023-35078,https://securityvulnerability.io/vulnerability/CVE-2023-35078,,An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.,Ivanti,Endpoint Manager Mobile,9.8,CRITICAL,0.969219982624054,true,true,true,true,true,false,false,2023-07-25T07:15:00.000Z,0
CVE-2023-35077,https://securityvulnerability.io/vulnerability/CVE-2023-35077,,An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or above.,Ivanti,Endpoint Manager,8.1,HIGH,0.000859999970998615,false,false,false,false,,false,false,2023-07-21T21:15:00.000Z,0
CVE-2023-28324,https://securityvulnerability.io/vulnerability/CVE-2023-28324,,A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.,Ivanti,Ivanti Endpoint Manager,9.8,CRITICAL,0.04641000181436539,false,false,false,false,,false,false,2023-07-01T00:15:00.000Z,0
CVE-2023-28323,https://securityvulnerability.io/vulnerability/CVE-2023-28323,,"A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a stepping stone to get to other network attached machines. ",Ivanti,Ivanti Endpoint Manager,9.8,CRITICAL,0.012090000323951244,false,false,false,false,,false,false,2023-07-01T00:15:00.000Z,0
CVE-2022-35259,https://securityvulnerability.io/vulnerability/CVE-2022-35259,,XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges.,Ivanti,Ivanti Endpoint Manager,7.8,HIGH,0.0006200000061653554,false,false,false,false,,false,false,2022-12-05T00:00:00.000Z,0