SQL Injection Vulnerability in Ivanti Endpoint Manager Products
CVE-2024-13162

Currently unrated

Key Information:

Vendor: Ivanti
Vendor: CVE Published:; 14 January 2025

Summary

A SQL injection flaw exists in Ivanti Endpoint Manager versions prior to the January 2025 Security Update. This vulnerability allows a remote authenticated attacker, possessing admin privileges, to achieve remote code execution by exploiting incomplete fixes from a previous vulnerability. Organizations using affected versions must update their systems promptly to mitigate the potential risk of unauthorized system control.

References

https://forums.ivanti.com/s/article/Security-Advisory-EPM...

Timeline

Vulnerability published
Jan 14, 2025