📦

endpoint_manager

Vendor: ivanti

Login to add this product to WatchStack
Actively Exploited 5 CISA KEV List
PoC / Exploits 4 Code Available
Total RCEs 52 Remote Access
Total CVEs 203 Total Indexed
Avg. EPSS 14.28% Exploit Prob.
Latest CVE CVE-2026-8111 May 12

Security Vulnerability Index

Page 5 / 21
7.5 CVSS
CVE-2024-13166

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

EPSS: 2.14%
7.5 CVSS
CVE-2024-13165

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.

EPSS: 1.53%
7.8 CVSS
CVE-2024-13164

An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.

EPSS: 0.17%
7.8 CVSS
CVE-2024-13163
RCE

Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.

EPSS: 32.28%
7.2 CVSS
CVE-2024-13162

SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848.

EPSS: 50.30%
Critical Target
9.8 CVSS
CVE-2024-13161

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

EPSS: 91.77%
Critical Target
9.8 CVSS
CVE-2024-13160

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

EPSS: 93.81%
Critical Target
9.8 CVSS
CVE-2024-13159
Exploit Found

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

EPSS: 94.05%
7.2 CVSS
CVE-2024-13158

An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

EPSS: 26.96%
9.8 CVSS
CVE-2024-10811

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

EPSS: 6.19%