Unauthorized Execution of Arbitrary Code via SQL Injection in Ivanti EPM 2024 Flat

CVE-2024-37381

8.4HIGH

Key Information

Vendor: Ivanti
Status: Epm
Vendor: CVE Published:; 29 July 2024

Summary

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code.

Affected Version(s)

EPM <= 2024

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Risk change from: null to: 8.4 - (HIGH)
Jul 29, 2024
Vulnerability published.
Jul 29, 2024
Vulnerability Reserved.
Jun 7, 2024

Collectors

NVD DatabaseMitre Database

.