Vulnerability Database

296,172

Total vulnerabilities in the database

CVE-2024-8441

An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.

  • Published: Sep 10, 2024
  • Updated: May 4, 2025
  • CVE: CVE-2024-8441
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.7
  • AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

Software From Fixed in
ivanti / endpoint_manager 2022-su1 2022-su1.x
ivanti / endpoint_manager - 2022
ivanti / endpoint_manager 2022 2022.x
ivanti / endpoint_manager 2022-su2 2022-su2.x
ivanti / endpoint_manager 2022-su3 2022-su3.x
ivanti / endpoint_manager 2022-su4 2022-su4.x
ivanti / endpoint_manager 2022-su5 2022-su5.x
ivanti / endpoint_manager 2024 2024.x