Shodan
Vulnerabilities
Vulnerable Software
Ivanti:  >> Endpoint Manager  >> 2020.1.1  Security Vulnerabilities
CVE-2025-11623
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-10-13
CVE-2025-9713
Path traversal in Ivanti Endpoint Manager allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
CVSS Score
8.8
EPSS Score
0.003
Published
2025-10-13
CVE-2025-11622
Insecure deserialization in Ivanti Endpoint Manager allows a local authenticated attacker to escalate their privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-10-13
CVE-2025-9712
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
CVSS Score
8.8
EPSS Score
0.002
Published
2025-09-09
CVE-2025-7037
SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database
CVSS Score
7.2
EPSS Score
0.003
Published
2025-07-08
CVE-2025-6995
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-07-08
CVE-2025-6996
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-07-08
CVE-2025-22459
Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-04-08
CVE-2025-22461
SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution.
CVSS Score
7.2
EPSS Score
0.018
Published
2025-04-08
CVE-2025-22464
An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-04-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved