Ivanti: >> Endpoint Manager Mobile >> 12.7.0.0 Security Vulnerabilities
CVE-2026-6973
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.
Known exploited
CVSS Score
7.2
EPSS Score
0.059
Published
2026-05-07
Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity.
CVSS Score
7.4
EPSS Score
0.001
Published
2026-05-07
An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated attacker to gain administrative access.
CVSS Score
8.8
EPSS Score
0.005
Published
2026-05-07
An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.
CVSS Score
8.9
EPSS Score
0.001
Published
2026-05-07
An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.
CVSS Score
7.0
EPSS Score
0.003
Published
2026-05-07
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Known exploited
CVSS Score
9.8
EPSS Score
0.816
Published
2026-01-29
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Known exploited
CVSS Score
9.8
EPSS Score
0.739
Published
2026-01-29