Arbitrary Code Execution Vulnerability in Core Server
CVE-2024-29830
8HIGH
What is CVE-2024-29830?
An unspecified SQL Injection vulnerability exists in the Core server of Ivanti Endpoint Manager (EPM), specifically in version 2022 SU5 and prior. This vulnerability allows an authenticated attacker operating within the same network to run arbitrary code, potentially compromising system integrity and data security. Given the nature of SQL Injection vulnerabilities, an attacker could exploit this to manipulate database queries, access sensitive information, or perform unauthorized operations.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
EPM 2022 SU5
References
CVSS V3.1
Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved