Unauthenticated SQL Injection Vulnerability Affects Ivanti EPM
CVE-2024-29826
8.8HIGH
Summary
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
Affected Version(s)
EPM <= 2022 SU5
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Risk change from: null to: 9.6 - (CRITICAL)
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database