Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
ivanti epm

Version 2022 SU6

OTHER 11 CVEs

Known Vulnerabilities

CVE-2024-32840

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CRITICAL CVSS 9.1 Published Sep 12, 2024

CVE-2024-34783

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CRITICAL CVSS 9.1 Published Sep 12, 2024

CVE-2024-29847

Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.

CRITICAL CVSS 10.0 Published Sep 12, 2024

CVE-2024-34779

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CRITICAL CVSS 9.1 Published Sep 12, 2024

CVE-2024-37397

An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets.

HIGH CVSS 8.2 Published Sep 12, 2024

CVE-2024-32848

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CRITICAL CVSS 9.1 Published Sep 12, 2024

CVE-2024-34785

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CRITICAL CVSS 9.1 Published Sep 12, 2024

CVE-2024-32843

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CRITICAL CVSS 9.1 Published Sep 12, 2024

CVE-2024-32845

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CRITICAL CVSS 9.1 Published Sep 12, 2024

CVE-2024-32846

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CRITICAL CVSS 9.1 Published Sep 12, 2024

CVE-2024-32842

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CRITICAL CVSS 9.1 Published Sep 12, 2024