Ivanti

Endpoint Manager

115 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-22464

  • EPSS 0.09%
  • Veröffentlicht 08.04.2025 14:27:03
  • Zuletzt bearbeitet 16.05.2025 14:00:22

An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition.

7.2

CVE-2025-22461

Medienbericht
  • EPSS 4.08%
  • Veröffentlicht 08.04.2025 14:26:23
  • Zuletzt bearbeitet 16.05.2025 14:00:20

SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution.

4.8

CVE-2025-22459

  • EPSS 0.08%
  • Veröffentlicht 08.04.2025 14:25:57
  • Zuletzt bearbeitet 16.05.2025 14:00:18

Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers.

7.8

CVE-2025-22458

  • EPSS 0.15%
  • Veröffentlicht 08.04.2025 14:25:42
  • Zuletzt bearbeitet 17.05.2025 06:15:17

DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.

7.8

CVE-2024-13172

  • EPSS 0.52%
  • Veröffentlicht 14.01.2025 18:15:29
  • Zuletzt bearbeitet 11.07.2025 17:34:15

Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

7.5

CVE-2024-13168

  • EPSS 1.53%
  • Veröffentlicht 14.01.2025 18:15:28
  • Zuletzt bearbeitet 11.07.2025 17:33:52

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

7.8

CVE-2024-13169

  • EPSS 0.13%
  • Veröffentlicht 14.01.2025 18:15:28
  • Zuletzt bearbeitet 11.07.2025 17:33:56

An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.

7.5

CVE-2024-13170

  • EPSS 1.53%
  • Veröffentlicht 14.01.2025 18:15:28
  • Zuletzt bearbeitet 11.07.2025 17:34:03

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

7.8

CVE-2024-13171

  • EPSS 30.33%
  • Veröffentlicht 14.01.2025 18:15:28
  • Zuletzt bearbeitet 11.07.2025 17:34:10

Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

7.8

CVE-2024-13163

  • EPSS 26.47%
  • Veröffentlicht 14.01.2025 18:15:27
  • Zuletzt bearbeitet 11.07.2025 17:33:42

Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.