cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-13158,https://securityvulnerability.io/vulnerability/CVE-2024-13158,Remote Code Execution Vulnerability in Ivanti Endpoint Manager,"An unbounded resource search path vulnerability exists in Ivanti Endpoint Manager prior to the January-2025 Security Update. This flaw enables a remote authenticated attacker, possessing admin privileges, to execute arbitrary code on the system, potentially compromising the integrity and confidentiality of sensitive information. It is vital for users to update their systems promptly to mitigate this risk.",Ivanti,Endpoint Manager,7.2,HIGH,0.0004400000034365803,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13172,https://securityvulnerability.io/vulnerability/CVE-2024-13172,Remote Code Execution Vulnerability in Ivanti EPM Software,"This vulnerability in Ivanti EPM prior to the January 2025 Security Update allows remote unauthenticated attackers to execute code remotely. Although local user interaction is necessary to exploit this flaw, it poses a significant threat to systems utilizing versions of Ivanti EPM affected by this issue.",Ivanti,Endpoint Manager,7.8,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13171,https://securityvulnerability.io/vulnerability/CVE-2024-13171,Remote Code Execution Vulnerability in Ivanti EPM Software,"A vulnerability in Ivanti EPM prior to the January 2025 Security Update allows remote unauthenticated attackers to exploit insufficient filename validation, potentially leading to unauthorized remote code execution. While local user interaction is necessary for the attack to succeed, this flaw poses a significant security risk to affected systems, emphasizing the need for immediate security measures.",Ivanti,Endpoint Manager,7.8,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13170,https://securityvulnerability.io/vulnerability/CVE-2024-13170,Out-of-Bounds Write in Ivanti Endpoint Manager Affects Security Updates,"A critical vulnerability exists in Ivanti Endpoint Manager versions prior to the January 2025 Security Update, and in the 2022 SU6 January 2025 Security Update. This out-of-bounds write flaw allows a remote unauthorized attacker to manipulate memory, potentially leading to a denial of service condition. Attackers can exploit this vulnerability without prior authentication, posing significant risk to the stability and availability of affected systems.",Ivanti,Endpoint Manager,7.5,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13169,https://securityvulnerability.io/vulnerability/CVE-2024-13169,Local Privilege Escalation Vulnerability in Ivanti EPM Products,"A local authenticated attacker can exploit an out-of-bounds read vulnerability in Ivanti Endpoint Manager versions prior to the January 2025 security standards. This flaw enables an attacker to escalate their privileges within the affected system, potentially allowing them to gain unauthorized access to sensitive resources and systems.",Ivanti,Endpoint Manager,7.8,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13168,https://securityvulnerability.io/vulnerability/CVE-2024-13168,Out-of-Bounds Write Vulnerability in Ivanti EPM Software,"A vulnerability exists in Ivanti Endpoint Manager (EPM) that permits a remote unauthenticated attacker to exploit an out-of-bounds write condition. This flaw enables the attacker to disrupt service availability, potentially leading to a denial of service. Affected versions include Ivanti EPM prior to the January 2025 Security Update and Ivanti EPM 2022 SU6, also before the January 2025 update. System administrators are advised to apply the latest security updates to mitigate risks.",Ivanti,Endpoint Manager,7.5,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13167,https://securityvulnerability.io/vulnerability/CVE-2024-13167,Out-of-Bounds Write Vulnerability in Ivanti EPM Software,"An out-of-bounds write vulnerability in Ivanti Endpoint Manager (EPM) enables a remote, unauthenticated attacker to exploit the software prior to specific January 2025 Security Updates. This flaw may lead to potential service disruptions, as it allows for manipulation that could result in a denial of service. Users must update their EPM software to the latest security patches to mitigate the risks associated with this vulnerability.",Ivanti,Endpoint Manager,7.5,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13166,https://securityvulnerability.io/vulnerability/CVE-2024-13166,Out-of-Bounds Write Vulnerability in Ivanti EPM,"An out-of-bounds write vulnerability in Ivanti Endpoint Manager allows adversaries to exploit the software versions predating the January 2025 Security Update. This vulnerability enables remote unauthenticated attackers to trigger a denial of service, impacting the availability of the software. It’s crucial for organizations using the affected versions to apply the necessary updates to mitigate risks associated with this vulnerability.",Ivanti,Endpoint Manager,7.5,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13165,https://securityvulnerability.io/vulnerability/CVE-2024-13165,Out-of-Bounds Write Vulnerability in Ivanti EPM,"An out-of-bounds write vulnerability exists in Ivanti Endpoint Manager (EPM) prior to the January 2025 Security Update for both EPM 2024 and EPM 2022 SU6. This vulnerability can be exploited by remote unauthenticated attackers, potentially leading to a denial of service. Organizations utilizing affected versions are urged to apply the necessary updates to mitigate potential risks from exploitation.",Ivanti,Endpoint Manager,7.5,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13164,https://securityvulnerability.io/vulnerability/CVE-2024-13164,Privilege Escalation Vulnerability in Ivanti Endpoint Manager,"Ivanti Endpoint Manager (EPM) is vulnerable due to an uninitialized resource that exists in versions prior to the January 2025 security update. This flaw allows local authenticated attackers to exploit the vulnerability for privilege escalation, potentially gaining enhanced access to system resources and sensitive data. Users are advised to upgrade to the latest versions to mitigate risks associated with this security issue.",Ivanti,Endpoint Manager,7.8,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13161,https://securityvulnerability.io/vulnerability/CVE-2024-13161,Absolute Path Traversal Vulnerability in Ivanti Endpoint Manager,"An absolute path traversal vulnerability exists in Ivanti Endpoint Manager, allowing a remote unauthenticated attacker to exploit the flaw. This vulnerability can potentially enable attackers to access sensitive information stored on the server. The issue affects Ivanti EPM prior to the January 2025 Security Update and the 2022 SU6 January 2025 Security Update. Organizations using these affected versions should apply the necessary security updates to mitigate potential risks.",Ivanti,Endpoint Manager,9.8,CRITICAL,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13160,https://securityvulnerability.io/vulnerability/CVE-2024-13160,Absolute Path Traversal in Ivanti Endpoint Manager,"An absolute path traversal vulnerability exists in Ivanti Endpoint Manager versions prior to the January 2025 Security Update. This allows a remote unauthenticated attacker to exploit the flaw, gaining access to sensitive information stored on the server. Attackers can leverage this vulnerability to traverse the file system and expose critical data, leading to potential compromises of sensitive information.",Ivanti,Endpoint Manager,9.8,CRITICAL,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-13159,https://securityvulnerability.io/vulnerability/CVE-2024-13159,Path Traversal Vulnerability in Ivanti Endpoint Manager Products,Ivanti Endpoint Manager is impacted by an absolute path traversal vulnerability that enables remote unauthenticated attackers to access and leak sensitive information. This issue affects Ivanti EPM versions released prior to the January 2025 security update. It is crucial for users of these products to apply the necessary security updates to mitigate the risks associated with this vulnerability.,Ivanti,Endpoint Manager,9.8,CRITICAL,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T18:15:00.000Z,0
CVE-2024-10811,https://securityvulnerability.io/vulnerability/CVE-2024-10811,Path Traversal Vulnerability in Ivanti Endpoint Manager,"A path traversal vulnerability in Ivanti Endpoint Manager allows unauthenticated remote attackers to access sensitive information by manipulating absolute paths. This flaw affects versions prior to the January 2025 Security Update, posing a significant risk of data exposure.",Ivanti,Endpoint Manager,9.8,CRITICAL,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T17:15:00.000Z,0
CVE-2024-10256,https://securityvulnerability.io/vulnerability/CVE-2024-10256,Local Authenticated Attacker Can Delete Arbitrary Files in Ivanti Patch SDK Before v9.7.703,"The vulnerability presents a scenario where the Ivanti Patch SDK before version 9.7.703 exposes insufficient permissions, allowing a local authenticated attacker to execute unauthorized file deletions. This weakness could lead to significant disruptions in software management and maintenance operations, as sensitive files may be targeted and removed without proper permissions.",Ivanti,"Patch Sdk,Endpoint Manager,Security Controls,Patch For Configuration Manager,Neurons For Patch Management,Neurons Agent Platform",7.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-12-10T18:46:01.911Z,0
CVE-2024-50323,https://securityvulnerability.io/vulnerability/CVE-2024-50323,SQL Injection Vulnerability in Ivanti Endpoint Manager Affects Local Security,"A SQL injection vulnerability exists in Ivanti Endpoint Manager that allows a local unauthenticated attacker to execute arbitrary code. This vulnerability is present in versions prior to the November 2024 Security Update and in the 2022 SU6 release before its own November Security Update. User interaction is needed to exploit this security flaw, which poses a risk to the integrity and confidentiality of systems relying on the affected software.",Ivanti,Endpoint Manager,7.8,HIGH,0.0011399999493733048,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-50322,https://securityvulnerability.io/vulnerability/CVE-2024-50322,Path Traversal Vulnerability in Ivanti Endpoint Manager,"A path traversal vulnerability exists in Ivanti Endpoint Manager that enables a local unauthenticated attacker to execute arbitrary code on affected systems. The vulnerability specifically arises due to improper validation of file paths in the application. An attacker must interact with the system to exploit this flaw, thereby posing a risk to systems running vulnerable versions of the software. It is crucial for organizations using Ivanti Endpoint Manager to apply the relevant security updates to mitigate potential threats.",Ivanti,Endpoint Manager,7.8,HIGH,0.002300000051036477,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-50324,https://securityvulnerability.io/vulnerability/CVE-2024-50324,Path Traversal Vulnerability in Ivanti Endpoint Manager,"A path traversal vulnerability exists in Ivanti Endpoint Manager that permits a remote authenticated attacker with administrative privileges to gain unauthorized access and execute arbitrary code. This flaw impacts versions of the product released prior to the November 2024 Security Update, as well as versions before the November 2022 SU6. Attackers can exploit this vulnerability to bypass security settings, potentially leading to severe ramifications for system integrity and data protection. Timely updates and security patches are crucial to mitigating this risk.",Ivanti,Endpoint Manager,7.2,HIGH,0.007819999940693378,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-50326,https://securityvulnerability.io/vulnerability/CVE-2024-50326,SQL Injection Vulnerability in Ivanti Endpoint Manager,"A SQL injection vulnerability exists within Ivanti Endpoint Manager versions prior to the November 2024 Security Update and the November 2022 SU6 Security Update. This vulnerability can be exploited by remote authenticated attackers possessing administrative privileges, enabling them to perform remote code execution. The flaw impacts the integrity and security of applications that rely on Ivanti Endpoint Manager for system management, posing significant risks to user data and operational continuity. Organizations using this software must apply the necessary updates to mitigate potential threats.",Ivanti,Endpoint Manager,7.2,HIGH,0.003700000001117587,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-50327,https://securityvulnerability.io/vulnerability/CVE-2024-50327,SQL Injection Vulnerability in Ivanti Endpoint Manager,"An SQL injection vulnerability has been identified in Ivanti Endpoint Manager, affecting versions prior to the November 2024 Security Update and the November 2022 SU6 Update. This vulnerability allows remote authenticated attackers with administrative privileges to execute arbitrary code, which could lead to significant compromise of affected systems. Organizations utilizing this product should assess their current deployment and apply the necessary security updates to mitigate potential risks associated with this vulnerability.",Ivanti,Endpoint Manager,7.2,HIGH,0.003700000001117587,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-50328,https://securityvulnerability.io/vulnerability/CVE-2024-50328,SQL Injection Vulnerability in Ivanti Endpoint Manager,"The vulnerability in Ivanti Endpoint Manager arises from an SQL injection flaw which allows a remote authenticated attacker, possessing admin privileges, to exploit the system. This exploitation can lead to remote code execution, potentially compromising the integrity and security of the affected systems. The vulnerability exists in versions released prior to the November 2024 Security Update, as well as the November 2022 Security Update for version 2022 SU6. Organizations utilizing these versions should prioritize updating to safeguard their systems against potential threats.",Ivanti,Endpoint Manager,7.2,HIGH,0.003700000001117587,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-50329,https://securityvulnerability.io/vulnerability/CVE-2024-50329,Path Traversal Vulnerability in Ivanti Endpoint Manager,"A path traversal vulnerability in Ivanti Endpoint Manager allows remote unauthenticated attackers to execute arbitrary code on affected systems. This security flaw exists in versions released before the November 2024 Security Update and the November Security Update for SU6 of 2022. Due to the nature of the vulnerability, user interaction is required, complicating the exploit but still leaving systems at risk without adequate mitigation strategies. Organizations utilizing Ivanti Endpoint Manager are urged to apply the latest security updates promptly to safeguard against potential exploits.",Ivanti,Endpoint Manager,8.8,HIGH,0.00953999999910593,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-50330,https://securityvulnerability.io/vulnerability/CVE-2024-50330,Remote Code Execution Vulnerability in Ivanti Endpoint Manager,"A vulnerability exists in Ivanti Endpoint Manager due to improper handling of SQL queries, allowing remote unauthenticated attackers to perform SQL injection attacks. This flaw could enable attackers to execute arbitrary code on the affected system, compromising security and potentially leading to unauthorized access to sensitive data. Users are advised to update to the latest security versions to mitigate risks associated with this vulnerability.",Ivanti,Endpoint Manager,9.8,CRITICAL,0.0006500000017695129,false,false,false,false,,false,false,2024-11-12T16:15:00.000Z,0
CVE-2024-7612,https://securityvulnerability.io/vulnerability/CVE-2024-7612,Insecure Permissions in Ivanti EPMM Allow Unauthorized Access to Sensitive Configuration Files,"The vulnerability in Ivanti Endpoint Manager Mobile (EPMM) arises from improperly configured permissions that potentially allow a local authenticated attacker to modify sensitive application components. With this flaw, an attacker who has legitimate access can leverage the vulnerabilities to alter critical settings and functionalities, posing significant risks to system integrity and user data security. Immediate actions to rectify permissions are essential to mitigate these risks and enhance the overall security posture of the application.",Ivanti,Endpoint Manager Mobile,7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-10-08T16:17:29.116Z,0
CVE-2024-8191,https://securityvulnerability.io/vulnerability/CVE-2024-8191,Remote Code Execution Vulnerability in Ivanti EPM Management Console,"A vulnerability exists in the management console of Ivanti Endpoint Manager that allows remote unauthenticated attackers to exploit an SQL injection flaw. This vulnerability affects versions of Ivanti EPM released before the 2022 SU6 update as well as the September 2024 update. Successfully exploiting this flaw can enable attackers to execute arbitrary code on the affected systems, posing a serious risk to data integrity and system security.",Ivanti,Endpoint Manager,9.8,CRITICAL,0.007379999849945307,false,false,false,false,,false,false,2024-09-10T21:15:00.000Z,0