Ivanti Epm
33 CVEs affecting Ivanti Epm. Latest disclosed: 2024-11-13. Critical: 16, High: 17.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-29847 | Critical | 10.0 | 2024-09-12 | Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to a… |
CVE-2024-29823 | Critical | 9.6 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execut… |
CVE-2024-29827 | Critical | 9.6 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execut… |
CVE-2024-29822 | Critical | 9.6 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execut… |
CVE-2024-29826 | Critical | 9.6 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execut… |
CVE-2024-29824 | Critical | 9.6 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execut… |
CVE-2024-29825 | Critical | 9.6 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execut… |
CVE-2024-32840 | Critical | 9.1 | 2024-09-12 | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achiev… |
CVE-2024-34783 | Critical | 9.1 | 2024-09-12 | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achiev… |
CVE-2024-34779 | Critical | 9.1 | 2024-09-12 | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achiev… |
CVE-2024-32848 | Critical | 9.1 | 2024-09-12 | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achiev… |
CVE-2024-34785 | Critical | 9.1 | 2024-09-12 | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achiev… |
CVE-2024-32843 | Critical | 9.1 | 2024-09-12 | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achiev… |
CVE-2024-32846 | Critical | 9.1 | 2024-09-12 | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achiev… |
CVE-2024-32845 | Critical | 9.1 | 2024-09-12 | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achiev… |
CVE-2024-32842 | Critical | 9.1 | 2024-09-12 | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achiev… |
CVE-2024-37381 | High | 8.4 | 2024-07-29 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary… |
CVE-2024-29828 | High | 8.4 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute… |
CVE-2024-29829 | High | 8.4 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute… |
CVE-2024-29846 | High | 8.4 | 2024-05-31 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute… |