CVE-2024-50330

Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 November Security Update or 2022 SU6 November Security Update

Description The issue is related to a SQL injection vulnerability in Ivanti Endpoint Manager. This vulnerability allows a remote unauthenticated attacker to achieve remote code execution. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. Technical details about exploitation include the fact that it is a SQL injection vulnerability, but specific API endpoints, vulnerable parameters, or function names are not mentioned.

Recommendations For Ivanti Endpoint Manager versions prior to 2024 November Security Update or 2022 SU6 November Security Update, update to the latest version that includes the security patch for this vulnerability. At the moment, there is no information about additional mitigation measures.