SQL Injection Vulnerability in Ivanti Endpoint Manager
CVE-2024-50328
7.2HIGH
Summary
The vulnerability in Ivanti Endpoint Manager arises from an SQL injection flaw which allows a remote authenticated attacker, possessing admin privileges, to exploit the system. This exploitation can lead to remote code execution, potentially compromising the integrity and security of the affected systems. The vulnerability exists in versions released prior to the November 2024 Security Update, as well as the November 2022 Security Update for version 2022 SU6. Organizations utilizing these versions should prioritize updating to safeguard their systems against potential threats.
Affected Version(s)
Endpoint Manager 2024 November Security Update
Endpoint Manager 2024 November Security Update
Endpoint Manager 2022 SU6 November Security Update
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Collectors
NVD DatabaseMitre Database