CVE-2024-34785

Name of the Vulnerable Software and Affected Versions Ivanti EPM versions prior to 2022 SU6 Ivanti EPM versions prior to the 2024 September update

Description The issue is related to a SQL injection vulnerability in the LoadMotherboardTable method of Ivanti EPM, which does not properly protect the SQL query structure. This allows a remote authenticated attacker with admin privileges to achieve remote code execution. The vulnerability requires authentication to be exploited.

Recommendations For Ivanti EPM versions prior to 2022 SU6, update to version 2022 SU6 or later to resolve the issue. For Ivanti EPM versions prior to the 2024 September update, apply the 2024 September update or later to resolve the issue. As a temporary workaround, consider restricting access to the LoadMotherboardTable method until a patch is available.