Remote Code Execution Vulnerability in Ivanti EPM Before 2022 SU6 and 2024 September Update
CVE-2024-34785

7.2HIGH

Key Information:

Vendor
Ivanti
Status
Vendor
CVE Published:
12 September 2024

Summary

An unspecified vulnerability in Ivanti Endpoint Manager prior to the 2022 SU6 update and the September 2024 release can be exploited through SQL injection. This weakness allows a remote authenticated user with administrative privileges to execute arbitrary code on the affected system. Malicious actors can leverage this vulnerability to compromise the integrity and confidentiality of the system, highlighting the need for prompt updates and security measures.

Affected Version(s)

EPM 2024 September Security Update

EPM 2022 SU6

References

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.