Remote Code Execution Vulnerability in Ivanti EPM Before 2022 SU6 and 2024 September Update
CVE-2024-34785
7.2HIGH
Summary
An unspecified vulnerability in Ivanti Endpoint Manager prior to the 2022 SU6 update and the September 2024 release can be exploited through SQL injection. This weakness allows a remote authenticated user with administrative privileges to execute arbitrary code on the affected system. Malicious actors can leverage this vulnerability to compromise the integrity and confidentiality of the system, highlighting the need for prompt updates and security measures.
Affected Version(s)
EPM 2024 September Security Update
EPM 2022 SU6
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database