Ivanti Epmm
11 CVEs affecting Ivanti Epmm. Latest disclosed: 2024-08-07. Critical: 2, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-35082 | Critical | 10.0 | 2023-08-15 | An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the applica… |
CVE-2024-36130 | Critical | 9.8 | 2024-08-07 | An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary… |
CVE-2024-36131 | High | 8.8 | 2024-08-07 | An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on t… |
CVE-2024-36132 | High | 8.2 | 2024-08-07 | Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources. |
CVE-2023-35081 | High | 7.2 | 2023-08-03 | A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to… |
CVE-2023-46806 | Medium | 6.7 | 2024-05-22 | An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify… |
CVE-2023-46807 | Medium | 6.7 | 2024-05-22 | An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the… |
CVE-2024-22026 | Medium | 6.7 | 2024-05-22 | A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary command… |
CVE-2024-34788 | Medium | 5.3 | 2024-08-07 | An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a remote malicious user to access potentially sensitive information |
CVE-2023-39337 | | 2023-11-14 | A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of an enrolled device identifier to access and extrac… | |
CVE-2023-39335 | | 2023-11-14 | A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existi… |