Latest ivanti endpoint manager Vulnerabilities

CVE-2023-39336
An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve ...
Ivanti Endpoint Management=2022 Service Update 5
Ivanti Endpoint Manager Mobile
Ivanti Sentry
Ivanti Avalanche
Perforce Helix Core Server
Apache Struts
and 8 more
CVE-2023-35084
Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands...
Ivanti Endpoint Manager<2022
Ivanti Endpoint Manager=2022
Ivanti Endpoint Manager=2022-su1
Ivanti Endpoint Manager=2022-su2
Ivanti Endpoint Manager=2022-su3
CVE-2023-35083
Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensiti...
Ivanti Endpoint Manager<2022
Ivanti Endpoint Manager=2022
Ivanti Endpoint Manager=2022-su1
Ivanti Endpoint Manager=2022-su2
Ivanti Endpoint Manager=2022-su3
CVE-2023-38344
An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdS...
Ivanti Endpoint Manager<2022
Ivanti Endpoint Manager=2022
Ivanti Endpoint Manager=2022-su1
Ivanti Endpoint Manager=2022-su2
Ivanti Endpoint Manager=2022-su3
CVE-2023-38343
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Ex...
Ivanti Endpoint Manager<2022
Ivanti Endpoint Manager=2022
Ivanti Endpoint Manager=2022-su1
Ivanti Endpoint Manager=2022-su2
Ivanti Endpoint Manager=2022-su3
CVE-2023-35077
An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or above.
Ivanti Endpoint Manager<7.9.1.285
Microsoft Windows
CVE-2023-28324
A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.
Ivanti Endpoint Manager<=2022
CVE-2023-28323
A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with othe...
Ivanti Endpoint Manager<2022
Ivanti Endpoint Manager=2022
Ivanti Endpoint Manager=2022-su1
Ivanti Endpoint Manager=2022-su2
Ivanti Endpoint Manager=2022-su3
CVE-2022-27773
A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges.
Ivanti Endpoint Manager<2021.1
Ivanti Endpoint Manager=2021.1-su1
Ivanti Endpoint Manager=2021.1-su2
Ivanti Endpoint Manager=2022-su1
CVE-2022-30121
The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get e...
Ivanti Endpoint Manager<2021.1.1
Ivanti Endpoint Manager=2021.1.1
Ivanti Endpoint Manager=2021.1.1-su1
Ivanti Endpoint Manager=2021.1.1-su2
CVE-2020-13772
In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no a...
Ivanti Endpoint Manager<=2020.1.1
CVE-2020-13773
Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainf...
Ivanti Endpoint Manager<=2020.1.1
CVE-2020-13769
LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request.
Ivanti Endpoint Manager<=2020.1
CVE-2020-13774
An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx ...
Ivanti Endpoint Manager=2019.1
Ivanti Endpoint Manager=2020.1
CVE-2020-13770
Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the i...
Ivanti Endpoint Manager<=2020.1.1
CVE-2020-13771
Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (a...
Ivanti Endpoint Manager<=2020.1.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203