Ivanti

Endpoint Manager Mobile

17 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2025-6771

  • EPSS 1.87%
  • Published 08.07.2025 15:38:48
  • Last modified 11.07.2025 17:29:00

OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution

7.2

CVE-2025-6770

  • EPSS 1.87%
  • Published 08.07.2025 15:15:33
  • Last modified 11.07.2025 17:29:21

OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution

8.8

CVE-2025-4428

Warning Media report
  • EPSS 40.32%
  • Published 13.05.2025 15:46:55
  • Last modified 21.05.2025 18:45:24

Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.

7.5

CVE-2025-4427

Warning Media report
  • EPSS 91.92%
  • Published 13.05.2025 15:45:35
  • Last modified 21.05.2025 18:45:49

An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.

7.8

CVE-2024-7612

  • EPSS 0.1%
  • Published 08.10.2024 17:15:55
  • Last modified 18.12.2024 18:27:42

Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components.

7.5

CVE-2024-36132

  • EPSS 0.73%
  • Published 07.08.2024 04:17:18
  • Last modified 19.03.2025 21:15:35

Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources.

8.8

CVE-2024-36131

  • EPSS 2.47%
  • Published 07.08.2024 04:17:18
  • Last modified 21.08.2024 18:35:05

An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance.

6.5

CVE-2024-34788

  • EPSS 6.18%
  • Published 07.08.2024 04:17:17
  • Last modified 12.08.2024 18:52:25

An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a remote malicious user to access potentially sensitive information

9.8

CVE-2024-36130

  • EPSS 1.72%
  • Published 07.08.2024 04:17:17
  • Last modified 13.03.2025 21:15:40

An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance.

6.7

CVE-2024-22026

  • EPSS 0.24%
  • Published 22.05.2024 23:15:08
  • Last modified 13.03.2025 17:15:28

A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance.