Ivanti Endpoint Manager
68 CVEs affecting Ivanti Endpoint Manager. Latest disclosed: 2026-05-12. Critical: 7, High: 39.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-13159 | Critical | 9.8 | 2025-01-14 | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated at… |
| CVE-2024-13160 | Critical | 9.8 | 2025-01-14 | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated at… |
| CVE-2024-13161 | Critical | 9.8 | 2025-01-14 | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated at… |
| CVE-2024-10811 | Critical | 9.8 | 2025-01-14 | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated at… |
| CVE-2024-50330 | Critical | 9.8 | 2024-11-12 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to… |
| CVE-2025-10573 | Critical | 9.6 | 2025-12-09 | Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of… |
| CVE-2023-39336 | Critical | 9.6 | 2024-01-09 | An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to ex… |
| CVE-2026-8111 | High | 8.8 | 2026-05-12 | SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution. |
| CVE-2025-13659 | High | 8.8 | 2025-12-09 | Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to wr… |
| CVE-2025-9713 | High | 8.8 | 2025-10-13 | Path traversal in Ivanti Endpoint Manager before version 2024 SU4 allows a remote unauthenticated attacker to achieve remote code execution. User interaction i… |
| CVE-2025-9872 | High | 8.8 | 2025-09-09 | Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote cod… |
| CVE-2025-9712 | High | 8.8 | 2025-09-09 | Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote cod… |
| CVE-2024-50329 | High | 8.8 | 2024-11-12 | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to… |
| CVE-2026-1603 | High | 8.6 | 2026-02-10 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data. |
| CVE-2025-6996 | High | 8.4 | 2025-07-08 | Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker… |
| CVE-2025-6995 | High | 8.4 | 2025-07-08 | Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker… |
| CVE-2025-22466 | High | 8.2 | 2025-04-08 | Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges… |
| CVE-2023-35077 | High | 8.1 | 2023-07-21 | An out-of-bounds write vulnerability on Windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 o… |
| CVE-2026-8110 | High | 7.8 | 2026-05-12 | Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privil… |
| CVE-2025-13662 | High | 7.8 | 2025-12-09 | Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote un… |