Unauthenticated SQL Injection Vulnerability Affects Ivanti EPM

CVE-2024-29826
8.8HIGH

Key Information

Vendor
Ivanti
Status
Epm
Vendor
CVE Published:
31 May 2024

Summary

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

Affected Version(s)

EPM <= 2022 SU5

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Risk change from: null to: 9.6 - (CRITICAL)

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database
.