Unauthenticated SQL Injection Vulnerability Affects Ivanti EPM
CVE-2024-29822
Summary
An SQL injection vulnerability affects the Core server component of Ivanti Endpoint Manager (EPM), allowing an unauthenticated attacker on the same network to execute arbitrary commands. This vulnerability exposes the affected versions to significant risks, where attackers may manipulate SQL queries to gain unauthorized access to sensitive system components and potentially execute harmful code. Organizations using affected versions are advised to assess their security posture and apply necessary mitigations to protect their environments.
Affected Version(s)
EPM 2022 SU5
News Articles
Ivanti fixes critical remote code execution flaws in Endpoint Manager
On Tuesday, Ivanti rolled out fixes to address multiple critical security flaws in Endpoint Manager (EPM) that could be exploited under certain circumstances to execute code remotely. Six of the ten vulnerabilities, from CVE-2024-29822 through ...
8 months ago
References
CVSS V3.1
Timeline
Vulnerability published
First article discovered by Techidee.nl
Vulnerability Reserved