PT-2024-3759 · Ivanti · Ivanti Epm
Published
2024-05-21
·
Updated
2024-10-03
·
CVE-2024-29822
CVSS v3.1
9.6
Critical
| Vector | AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Ivanti EPM versions 2022 SU5 and prior
Description
The issue allows an unauthenticated attacker within the same network to execute arbitrary code due to an unspecified SQL Injection vulnerability in the Core server. This can be exploited by injecting specially crafted SQL code, potentially enabling remote code execution.
Recommendations
For Ivanti EPM versions 2022 SU5 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ivanti Epm