CVE-2024-29823

Name of the Vulnerable Software and Affected Versions: Ivanti EPM versions 2022 SU5 and prior

Description: The issue is related to an unspecified SQL Injection vulnerability in the Core server of Ivanti EPM, allowing an unauthenticated attacker within the same network to execute arbitrary code. This vulnerability is associated with the failure to protect the SQL query structure in the GetDBVulnerabilities method of Ivanti Endpoint Manager. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code using a specially crafted query.

Recommendations: For Ivanti EPM versions 2022 SU5 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.