📦 Endpoint Manager
by Ivanti
🔍 What is Endpoint Manager?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
This stored cross-site scripting (XSS) vulnerability in Ivanti Endpoint Manager allows unauthenticated remote attackers to inject malicious JavaScript that executes when administrators view compromise...
CVE-2024-13159 is an absolute path traversal vulnerability in Ivanti Endpoint Manager (EPM) that allows remote unauthenticated attackers to access sensitive files on the server. This affects Ivanti EP...
This vulnerability allows remote unauthenticated attackers to perform absolute path traversal attacks on Ivanti Endpoint Manager (EPM) systems, potentially leaking sensitive information like credentia...
This vulnerability allows remote unauthenticated attackers to perform absolute path traversal attacks on Ivanti Endpoint Manager (EPM) systems, potentially leaking sensitive information like credentia...
This critical SQL injection vulnerability in Ivanti Endpoint Manager allows remote unauthenticated attackers to execute arbitrary SQL commands, potentially leading to remote code execution. All organi...
This critical vulnerability allows remote unauthenticated attackers to execute arbitrary code on Ivanti EPM systems by exploiting insecure deserialization in the agent portal. Organizations using Ivan...
CVE-2023-35084 is a critical remote code execution vulnerability in Ivanti Endpoint Manager (formerly LANDesk Management Suite) caused by unsafe deserialization of untrusted data. Attackers can exploi...
CVE-2023-28324 is an improper input validation vulnerability in Ivanti Endpoint Manager that could allow attackers to escalate privileges or execute arbitrary code. This affects Ivanti Endpoint Manage...
This vulnerability allows authenticated attackers to upload malicious ASPX files to Ivanti Endpoint Manager servers, leading to remote code execution. Attackers can gain full control of affected syste...
An authentication bypass vulnerability in Ivanti Endpoint Manager allows remote unauthenticated attackers to access stored credential data. This affects all Ivanti Endpoint Manager installations befor...
CVE-2025-13661 is a path traversal vulnerability in Ivanti Endpoint Manager that allows authenticated remote attackers to write arbitrary files outside intended directories. This affects Ivanti Endpoi...
CVE-2025-13662 is a critical vulnerability in Ivanti Endpoint Manager's patch management component that allows remote unauthenticated attackers to execute arbitrary code by exploiting improper cryptog...
This vulnerability in Ivanti Endpoint Manager allows remote, unauthenticated attackers to write arbitrary files to the server, which could lead to remote code execution. User interaction is required f...
This vulnerability allows local authenticated attackers to write arbitrary files anywhere on disk due to insecure default permissions in Ivanti Endpoint Manager agent. It affects organizations using I...
CVE-2025-9713 is a path traversal vulnerability in Ivanti Endpoint Manager (EPM) that allows remote unauthenticated attackers to achieve remote code execution when user interaction occurs. This affect...
This vulnerability allows a local authenticated attacker to exploit insecure deserialization in Ivanti Endpoint Manager to escalate their privileges. Attackers with existing local access can gain high...
This vulnerability allows remote unauthenticated attackers to execute arbitrary code on Ivanti Endpoint Manager systems by exploiting insufficient filename validation. User interaction is required for...
This vulnerability in Ivanti Endpoint Manager allows a local authenticated attacker to decrypt other users' passwords due to improper encryption implementation. It affects Ivanti EPM versions before 2...
This vulnerability allows remote unauthenticated attackers to execute arbitrary code on Ivanti Endpoint Manager (EPM) systems by exploiting improper signature verification. Attackers can achieve remot...
An out-of-bounds write vulnerability in Ivanti Endpoint Manager (EPM) allows remote unauthenticated attackers to cause denial of service by crashing the service. This affects Ivanti EPM 2024 versions ...
This vulnerability allows a local authenticated attacker to perform an out-of-bounds read in Ivanti Endpoint Manager (EPM), potentially leading to privilege escalation. It affects Ivanti EPM 2024 and ...
This vulnerability allows remote unauthenticated attackers to cause denial of service through an out-of-bounds write in Ivanti EPM. It affects Ivanti EPM 2024 versions before the January-2025 security...
This vulnerability allows remote unauthenticated attackers to execute arbitrary code on Ivanti Endpoint Manager (EPM) systems by exploiting insufficient filename validation. Attackers can achieve remo...
This vulnerability allows remote unauthenticated attackers to execute arbitrary code on Ivanti Endpoint Manager (EPM) systems through deserialization of untrusted data. Attackers can achieve remote co...
An uninitialized resource vulnerability in Ivanti Endpoint Manager (EPM) allows local authenticated attackers to escalate privileges. This affects Ivanti EPM 2024 and 2022 SU6 versions before the Janu...
An out-of-bounds write vulnerability in Ivanti Endpoint Manager (EPM) allows remote unauthenticated attackers to cause denial of service by crashing the service. This affects Ivanti EPM 2024 and 2022 ...
An out-of-bounds write vulnerability in Ivanti Endpoint Manager (EPM) allows remote unauthenticated attackers to cause denial of service by crashing the service. This affects Ivanti EPM 2024 and 2022 ...
An out-of-bounds write vulnerability in Ivanti Endpoint Manager (EPM) allows remote unauthenticated attackers to cause denial of service by crashing the service. This affects Ivanti EPM 2024 versions ...
This vulnerability allows remote authenticated attackers with admin privileges to execute arbitrary code on Ivanti EPM systems by exploiting an unbounded resource search path. It affects Ivanti EPM 20...
This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated administrators to execute arbitrary SQL commands, potentially leading to remote code execution. Organizations using Iva...
This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated administrators to execute arbitrary SQL commands, potentially leading to remote code execution. Organizations using Iva...
This CVE describes a path traversal vulnerability in Ivanti Endpoint Manager that allows a local unauthenticated attacker to execute arbitrary code. User interaction is required for exploitation. Affe...
This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated administrators to execute arbitrary SQL commands, potentially leading to remote code execution. It affects Ivanti EPM v...
This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated administrators to execute arbitrary SQL commands, potentially leading to remote code execution. Organizations using Iva...
This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated administrators to execute arbitrary SQL commands, potentially leading to remote code execution. It affects Ivanti EPM v...
This CVE describes a SQL injection vulnerability in Ivanti Endpoint Manager that allows a local unauthenticated attacker to execute arbitrary code. User interaction is required for exploitation. Organ...
This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated administrators to execute arbitrary SQL commands, potentially leading to remote code execution. Organizations using Iva...
This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated administrators to execute arbitrary SQL commands, potentially leading to remote code execution. It affects Ivanti EPM v...
This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated administrators to execute arbitrary SQL commands, potentially leading to remote code execution. It affects Ivanti EPM v...
An unauthenticated attacker can exploit an XML External Entity (XXE) vulnerability in Ivanti EPM's provisioning web service to read sensitive files, including API secrets. This affects Ivanti EPM vers...
This is an SQL injection vulnerability in Ivanti Endpoint Manager (EPM) that allows authenticated administrators to execute arbitrary SQL commands, potentially leading to remote code execution. It aff...
This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated administrators to execute arbitrary SQL commands, potentially leading to remote code execution. It affects Ivanti EPM v...
This SQL injection vulnerability in Ivanti EPM Core server allows authenticated attackers on the same network to execute arbitrary SQL commands, potentially leading to remote code execution. It affect...
An unauthenticated SQL injection vulnerability in Ivanti EPM Core server allows attackers on the same network to execute arbitrary code. This affects Ivanti EPM 2022 SU5 and earlier versions. Attacker...
An unauthenticated SQL injection vulnerability in Ivanti EPM Core server allows attackers on the same network to execute arbitrary code. This affects Ivanti EPM 2022 SU5 and earlier versions, potentia...
An authenticated SQL injection vulnerability in Ivanti EPM Core server allows attackers on the same network to execute arbitrary code. This affects Ivanti EPM 2022 SU5 and earlier versions. Attackers ...
This vulnerability allows a low-privilege local user with the Ivanti EPM Agent installed to exploit a buffer overflow and execute arbitrary code with elevated system permissions. It affects Ivanti End...
An unauthenticated SQL injection vulnerability in Ivanti EPM Core server allows attackers on the same network to execute arbitrary code. This affects Ivanti EPM 2022 SU5 and earlier versions. Attacker...
This XXE vulnerability in Ivanti Endpoint Manager's CSEP component allows attackers to read arbitrary files or perform SSRF attacks by exploiting improperly configured XML parsing. It affects Ivanti E...
This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated attackers to read arbitrary data from the database. It affects all Ivanti EPM installations before version 2024 SU5. At...
This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated attackers to read arbitrary database data. Organizations using Ivanti EPM versions before 2024 SU5 are affected. The vu...
This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated attackers to read arbitrary data from the database. Organizations using Ivanti EPM versions before 2024 SU5 are affecte...
This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated attackers to read arbitrary database data. Organizations using Ivanti EPM versions before 2024 SU5 are affected. The at...
This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated attackers to read arbitrary data from the database. Organizations using Ivanti EPM versions before 2024 SU5 are affecte...
This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated attackers to read arbitrary data from the database. Organizations using Ivanti EPM versions before 2024 SU5 are affecte...
This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated attackers to read arbitrary database data. Organizations using Ivanti EPM versions before 2024 SU5 are affected, potent...
This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated attackers to read arbitrary database data. Organizations using Ivanti EPM versions before 2024 SU5 are affected. Attack...
This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated attackers to read arbitrary database data. Organizations using Ivanti EPM versions before 2024 SU5 are affected. The at...
This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated attackers to read arbitrary data from the database. Organizations using Ivanti EPM versions before 2024 SU5 are affecte...
This SQL injection vulnerability in Ivanti Endpoint Manager allows authenticated attackers to read arbitrary data from the database. Organizations using Ivanti EPM versions before 2024 SU5 are affecte...
This vulnerability allows remote unauthenticated attackers to spoof the Network Isolation status of managed devices in Ivanti EPM. Attackers can make vulnerable systems appear isolated when they are n...
This vulnerability allows remote authenticated attackers to bypass authentication controls in Ivanti Endpoint Manager (EPM) and access restricted functionality. It affects Ivanti EPM versions before 2...