Arbitrary Code Execution Vulnerability in Core Server

CVE-2024-29846

8.4HIGH

Key Information

Vendor: Ivanti
Status: Epm
Vendor: CVE Published:; 31 May 2024

Summary

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.

Affected Version(s)

EPM <= 2022 SU5

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Risk change from: null to: 8.4 - (HIGH)
May 31, 2024
Vulnerability published.
May 31, 2024
Vulnerability Reserved.
Mar 21, 2024

Collectors

NVD DatabaseMitre Database

.