Unauthenticated SQL Injection Vulnerability Affects Ivanti EPM

CVE-2024-29822

9.6CRITICAL

Key Information

Vendor: Ivanti
Status: Epm
Vendor: CVE Published:; 31 May 2024

Badges

📰 News Worthy

Summary

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

Affected Version(s)

EPM <= 2022 SU5

News Articles

Techidee.nl

CVE-2024-29822

Ivanti herstelt kritieke fouten bij de uitvoering van externe code in Endpoint Manager

Ivanti heeft dinsdag oplossingen uitgerold om meerdere kritieke beveiligingsfouten in Endpoint Manager (EPM) aan te pakken, die onder bepaalde omstandigheden kunnen worden misbruikt om code op afstand uit te voeren. Zes van de tien kwetsbaarheden – van CVE-2024-29822 tot en ... Lees verder

4 months ago

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Risk change from: null to: 9.6 - (CRITICAL)
May 31, 2024
Vulnerability published.
May 31, 2024
First article discovered by Techidee.nl
May 23, 2024
Vulnerability Reserved.
Mar 20, 2024

Collectors

NVD DatabaseMitre Database1 News Article(s)