Endpoint manager mobile
This hub aggregates every CVE we track for Endpoint manager mobile, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.
19
CVEs tracked
5
Critical
9
High
4
In CISA KEV
Severity distribution
HIGH9MEDIUM5CRITICAL5
Monthly trend
4
0
1
0
0
0
0
0
0
0
0
0
0
0
4
0
0
0
0
0
0
2
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Endpoint manager mobile.
- CVE-2026-7821Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenr...7.4
- CVE-2026-6973An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.KEV7.2
- CVE-2025-10986Path traversal in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to write data in unintended locations o...4.7
- CVE-2025-10985OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.7.2
- CVE-2025-10243OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.7.2
- CVE-2025-10242OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.7.2
- CVE-2024-7612Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components.8.8
- CVE-2024-36130An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating s...9.8
- CVE-2024-34788An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a remote malicious user to access potentially sensitive information6.5
- CVE-2024-36132Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources.7.5
- CVE-2024-36131An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the ...8.8
- CVE-2024-22026A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance.6.7
- CVE-2023-46807An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.6.7
- CVE-2023-46806An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database. 6.7
- CVE-2023-39337A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including dev...9.1
Product normalization is registry-driven with AI assist and human review. How it works