Ivanti endpoint manager
This hub aggregates every CVE we track for Ivanti endpoint manager, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.
55
CVEs tracked
6
Critical
34
High
3
In CISA KEV
Severity distribution
HIGH34MEDIUM15CRITICAL6
Monthly trend
0
15
0
11
0
16
0
0
0
0
0
0
0
0
11
0
1
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Ivanti endpoint manager.
- CVE-2025-10573Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interac...9.6
- CVE-2025-62384SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-62386SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-62383SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-62391SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-62385SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-62387SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-62388SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-62389SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-62390SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-62392SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-11623SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2024-13162SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote cod...7.2
- CVE-2024-13163Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote cod...7.8
- CVE-2024-13164An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.7.8
Product normalization is registry-driven with AI assist and human review. How it works