Ivanti

Endpoint Manager Mobile

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-36132

  • EPSS 0.76%
  • Veröffentlicht 07.08.2024 04:17:18
  • Zuletzt bearbeitet 19.03.2025 21:15:35

Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources.

9.8

CVE-2024-36130

  • EPSS 1.65%
  • Veröffentlicht 07.08.2024 04:17:17
  • Zuletzt bearbeitet 13.03.2025 21:15:40

An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance.

6.5

CVE-2024-34788

  • EPSS 6.18%
  • Veröffentlicht 07.08.2024 04:17:17
  • Zuletzt bearbeitet 12.08.2024 18:52:25

An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a remote malicious user to access potentially sensitive information

6.7

CVE-2024-22026

  • EPSS 0.24%
  • Veröffentlicht 22.05.2024 23:15:08
  • Zuletzt bearbeitet 13.03.2025 17:15:28

A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance.

6.7

CVE-2023-46807

  • EPSS 0.97%
  • Veröffentlicht 22.05.2024 23:15:08
  • Zuletzt bearbeitet 13.06.2025 19:05:40

An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.

6.7

CVE-2023-46806

  • EPSS 0.97%
  • Veröffentlicht 22.05.2024 23:15:08
  • Zuletzt bearbeitet 13.06.2025 19:05:59

An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.

9.1

CVE-2023-39337

  • EPSS 1.14%
  • Veröffentlicht 15.11.2023 00:15:08
  • Zuletzt bearbeitet 21.11.2024 08:15:11

A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as...

9.8

CVE-2023-39335

  • EPSS 1.62%
  • Veröffentlicht 15.11.2023 00:15:08
  • Zuletzt bearbeitet 21.11.2024 08:15:10

A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk,...

9.8

CVE-2023-35082

Warnung
  • EPSS 94.42%
  • Veröffentlicht 15.08.2023 16:15:11
  • Zuletzt bearbeitet 31.10.2025 21:59:16

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announce...

7.2

CVE-2023-35081

Warnung
  • EPSS 92.43%
  • Veröffentlicht 03.08.2023 18:15:11
  • Zuletzt bearbeitet 31.10.2025 21:58:45

A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.