Ivanti endpoint manager
This hub aggregates every CVE we track for Ivanti endpoint manager, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.
74
CVEs tracked
9
Critical
49
High
5
In CISA KEV
Severity distribution
HIGH49MEDIUM16CRITICAL9
Monthly trend
0
0
16
0
11
0
16
0
0
0
0
0
1
0
2
12
0
1
0
2
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Ivanti endpoint manager.
- CVE-2026-1603An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.KEV8.6
- CVE-2026-1602SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-10573Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interac...9.6
- CVE-2025-62384SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-62386SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-62383SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-62391SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-62385SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-62387SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-62388SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-62389SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-62390SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-62392SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-11623SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.6.5
- CVE-2025-9713Path traversal in Ivanti Endpoint Manager before version 2024 SU4 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.8.8
Product normalization is registry-driven with AI assist and human review. How it works