PT-2024-6213 · Ivanti · Ivanti Epm

Published

2024-09-10

Updated

2024-09-12

CVE-2024-8322

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Ivanti EPM versions before 2022 SU6 Ivanti EPM versions before the 2024 September update

Description The issue is related to weak authentication in the Patch Management of Ivanti EPM, allowing a remote authenticated attacker to access restricted functionality. This can be exploited by a remote attacker to gain unauthorized access.

Recommendations For Ivanti EPM versions before 2022 SU6, update to version 2022 SU6 or later to resolve the issue. For Ivanti EPM versions before the 2024 September update, apply the 2024 September update to fix the weakness in Patch Management authentication.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1390

Related Identifiers

BDU:2024-07154

CVE-2024-8322

Affected Products

Ivanti Epm

PT-2024-6213 · Ivanti · Ivanti Epm

CVE-2024-8322

Weakness Enumeration

Related Identifiers

Affected Products

References · 10