← Retour aux CVEs
CVE-2024-29824
HIGHCISA KEV8.8
Description
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
Details CVE
Score CVSS v3.18.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueADJACENT_NETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie5/31/2024
Derniere modification10/30/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurIvanti
ProduitEndpoint Manager (EPM)
Nom vulnerabiliteIvanti Endpoint Manager (EPM) SQL Injection Vulnerability
Date ajout KEV2024-10-02
Date limite remediation2024-10-23
Utilise dans ransomwareUnknown
Produits affectes
ivanti:endpoint_manager
Faiblesses (CWE)
CWE-89CWE-89
References
https://forums.ivanti.com/s/article/Security-Advisory-May-2024(support@hackerone.com)
https://forums.ivanti.com/s/article/Security-Advisory-May-2024(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-29824(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.