Ivanti Endpoint Manager


By the Year

In 2026 there have been 2 vulnerabilities in Ivanti Endpoint Manager, with an average score of 7.6 out of ten. Last year, in 2025, Endpoint Manager had 43 security vulnerabilities published. Right now, Endpoint Manager is on track to have fewer security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.16.




Year    Vulnerabilities    Average Score
2026    2                  7.55
2025    43                 7.39
2024    48                 7.79
2023    6                  8.32
2022    3                  8.10
2021    0                  0.00
2020    6                  7.50
2019    1                  9.80

It may take a day or so for new Endpoint Manager vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Ivanti Endpoint Manager Security Vulnerabilities

Auth Bypass in Ivanti Endpoint Manager leaks credentials
CVE-2026-1603 8.6 - High - February 10, 2026

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.

Authentication Bypass Using an Alternate Path or Channel

SQLi in Ivanti Endpoint Manager (before 2024 SU5) Enables Remote Authenticated Read
CVE-2026-1602 6.5 - Medium - February 10, 2026

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

SQL Injection

Ivanti Endpoint Manager: Improper Verification of Patch Management Signatures
CVE-2025-13662 7.8 - High - December 09, 2025

Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required.

Improper Verification of Cryptographic Signature

Path traversal in Ivanti Endpoint Manager allows remote authenticated attacker to write files
CVE-2025-13661 7.1 - High - December 09, 2025

Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required.

Directory traversal

Remote File Write in Ivanti Endpoint Manager (CVE-2025-13659)
CVE-2025-13659 8.8 - High - December 09, 2025

Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required.

Improper Control of Dynamically-Managed Code Resources

Stored XSS in Ivanti Endpoint Manager (prior to 2024 SU4 SR1)
CVE-2025-10573 9.6 - Critical - December 09, 2025

Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.

XSS

Ivanti Endpoint Manager Agent Perms Flaw Allows Arbitrary File Write
CVE-2025-10918 7.1 - High - November 11, 2025

Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk.

Incorrect Default Permissions

SQLi in Ivanti Endpoint Manager Remote Auth Data Leak
CVE-2025-62384 6.5 - Medium - October 13, 2025

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

SQL Injection

SQL Injection in Ivanti Endpoint Manager allows data exfiltration
CVE-2025-62386 6.5 - Medium - October 13, 2025

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

SQL Injection

SQLi in Ivanti Endpoint Manager Enables Data Exfiltration
CVE-2025-62383 6.5 - Medium - October 13, 2025

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

SQL Injection

SQLi in IVANTI Endpoint Manager allows remote auth attacker read DB
CVE-2025-62391 6.5 - Medium - October 13, 2025

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

SQL Injection

Remote Authenticated SQL Injection in Ivanti Endpoint Manager
CVE-2025-62385 6.5 - Medium - October 13, 2025

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

SQL Injection

SQLi in Ivanti Endpoint Manager Allows Authenticated Data Read
CVE-2025-62387 6.5 - Medium - October 13, 2025

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

SQL Injection

SQLi in Ivanti Endpoint Manager allows remote authenticated data read
CVE-2025-62388 6.5 - Medium - October 13, 2025

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

SQL Injection

Ivanti Endpoint Manager SQLi: Remote Authenticated Attacker Can Read DB Data
CVE-2025-62389 6.5 - Medium - October 13, 2025

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

SQL Injection

CVE-2025-62390: SQLi in Ivanti Endpoint Manager reading DB data
CVE-2025-62390 6.5 - Medium - October 13, 2025

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

SQL Injection

SQL injection in Ivanti Endpoint Manager allows remote authenticated data exfiltration
CVE-2025-62392 6.5 - Medium - October 13, 2025

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

SQL Injection

SQLi in Ivanti Endpoint Manager Web UI allows Authenticated Data Read
CVE-2025-11623 6.5 - Medium - October 13, 2025

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

SQL Injection

CVE-2025-9713: Path Traversal/Remote Code Execution in Ivanti Endpoint Manager
CVE-2025-9713 8.8 - High - October 13, 2025

Path traversal in Ivanti Endpoint Manager before version 2024 SU4 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.

Directory traversal

Ivanti Endpoint Manager Insecure Deserialization Enables Local Auth Escalation
CVE-2025-11622 7.8 - High - October 13, 2025

Insecure deserialization in Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to escalate their privileges.

Marshaling, Unmarshaling

Remote Auth SQLi in Ivanti Endpoint Manager <2024 SU3
CVE-2025-7037 - July 08, 2025

SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database.

SQL Injection

Ivanti Endpoint Manager Agent Improper Encryption Decrypts Passwords
CVE-2025-6996 - July 08, 2025

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users' passwords.

Storing Passwords in a Recoverable Format

Ivanti Endpoint Manager Agent Improper Encryption Decrypts User Passwords
CVE-2025-6995 - July 08, 2025

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users' passwords.

Storing Passwords in a Recoverable Format

Reflected XSS in Ivanti Endpoint Mgr Enables Unauth Admin Privs
CVE-2025-22466 9.6 - Critical - April 08, 2025

Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.

XSS

Reflected XSS in Ivanti Endpoint Manager (IEPM) Enables JavaScript Execution in Victim's Browser
CVE-2025-22465 6.1 - Medium - April 08, 2025

Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to execute arbitrary JavaScript in a victim's browser. Unlikely user interaction is required.

XSS

Ivanti Endpoint Manager: Local Pointer Dereference DoS (CVE-2025-22464)
CVE-2025-22464 6.1 - Medium - April 08, 2025

An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition.

Untrusted Pointer Dereference

SQL Injection in Ivanti Endpoint Manager allows remote code execution
CVE-2025-22461 7.2 - High - April 08, 2025

SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution.

SQL Injection

CVE-2025-22459: Improper Cert Validation in Ivanti Endpoint Manager
CVE-2025-22459 4.8 - Medium - April 08, 2025

Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers.

Improper Certificate Validation

DLL Hijacking in Ivanti Endpoint Manager Enables Authenticated System Escalation
CVE-2025-22458 7.8 - High - April 08, 2025

DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.

DLL preloading

Ivanti EPM OOB Write Causing Remote DoS (CVE-2024-13165)
CVE-2024-13165 - January 14, 2025

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

Memory Corruption

Ivanti EPM Path Traversal Leak Sensitive Data
CVE-2024-13161 9.8 - Critical - January 14, 2025

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

Absolute Path Traversal

Absolute path traversal in Ivanti EPM allows remote info leak
CVE-2024-13160 9.8 - Critical - January 14, 2025

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

Absolute Path Traversal

Absolute Path Traversal in Ivanti EPM Remote Info Leak
CVE-2024-13159 9.8 - Critical - January 14, 2025

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

Absolute Path Traversal

Ivanti EPM Insufficient Filename Validation Enables Remote Code Execution
CVE-2024-13171 - January 14, 2025

Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

Unrestricted File Upload

Unbounded Search Path in Ivanti EPM Enables RCE
CVE-2024-13158 - January 14, 2025

An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Directory traversal

SQL Injection in Ivanti EPM Enables RCE for Admin Authenticated Attacker
CVE-2024-13162 - January 14, 2025

SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848.

SQL Injection

Remote RCE via Untrusted Deserialization in Ivanti EPM
CVE-2024-13163 - January 14, 2025

Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

Marshaling, Unmarshaling

Ivanti EPM Privilege Escalation (Uninitialized Resource) Local Auth
CVE-2024-13164 - January 14, 2025

An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.

Use of Uninitialized Resource

Out-of-bounds write in Ivanti EPM allows remote unauthenticated DoS
CVE-2024-13166 - January 14, 2025

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

Memory Corruption

OOB Write in Ivanti EPM Enables Remote DoS
CVE-2024-13168 - January 14, 2025

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

Memory Corruption

Out-of-bounds Write in Ivanti EPM Causes Remote DoS
CVE-2024-13167 - January 14, 2025

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

Memory Corruption

Out-of-Bounds Read in Ivanti EPM (pre-2025 Update) Enables Priv Escalation
CVE-2024-13169 - January 14, 2025

An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.

Out-of-bounds Read

Ivanti EPM Improper Signature Verification Remote Code Execution
CVE-2024-13172 - January 14, 2025

Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

Improper Verification of Cryptographic Signature

Ivanti EPM OOB Write Remote DoS
CVE-2024-13170 - January 14, 2025

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

Memory Corruption

Ivanti EPM Path Traversal Remote Info Leak
CVE-2024-10811 7.5 - High - January 14, 2025

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

Directory traversal

Ivanti Patch SDK <=9.7.702 Local Auth Delete Files
CVE-2024-10256 - December 10, 2024

Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files.

Ivanti Endpoint Manager SQL Injection Vulnerability
CVE-2024-34782 7.2 - High - November 13, 2024

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Ivanti Endpoint Manager SQL Injection Vulnerability
CVE-2024-34780 7.2 - High - November 13, 2024

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

SQLi in Ivanti Endpoint Manager enabling RCE
CVE-2024-32841 7.2 - High - November 13, 2024

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Ivanti Endpoint Manager SQL Injection Vulnerability
CVE-2024-34781 7.2 - High - November 13, 2024

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
