Remote Code Execution Vulnerability in Ivanti Endpoint Manager
CVE-2024-34784

7.2HIGH

Key Information:

Vendor: Ivanti
Status: Epm
Vendor: CVE Published:; 13 November 2024

What is CVE-2024-34784?

A SQL injection vulnerability exists in Ivanti Endpoint Manager, which allows a remote authenticated attacker with administrative privileges to execute arbitrary code remotely. This weakness affects versions of the software prior to the security updates released in November 2024 and November 2022. Proper caution should be exercised by users to mitigate potential risks associated with this vulnerability.

Affected Version(s)

EPM 2024 November Security Update

EPM 2022 SU6 November Security Update

References

https://forums.ivanti.com/s/article/Security-Advisory-EPM...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2024