Unauthenticated SQL Injection Vulnerability Affects Ivanti EPM

CVE-2024-29827
9.6CRITICAL

Key Information

Vendor
Ivanti
Status
Epm
Vendor
CVE Published:
31 May 2024

Summary

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

Affected Version(s)

EPM <= 2022 SU5

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Risk change from: null to: 9.6 - (CRITICAL)

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database
.