An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Metrics
Affected Vendors & Products
References
History
Thu, 12 Sep 2024 22:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 12 Sep 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ivanti
Ivanti endpoint Manager |
|
Weaknesses | CWE-89 | |
CPEs | cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2022:su4:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2022:su5:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:* |
|
Vendors & Products |
Ivanti
Ivanti endpoint Manager |
|
Metrics |
cvssV3_1
|
Thu, 12 Sep 2024 01:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |
References |
| |
Metrics |
cvssV3_0
|
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2024-09-12T01:09:56.230Z
Updated: 2024-09-12T21:16:22.723Z
Reserved: 2024-04-19T01:04:06.774Z
Link: CVE-2024-32843
Vulnrichment
Updated: 2024-09-12T21:16:15.687Z
NVD
Status : Modified
Published: 2024-09-12T02:15:02.567
Modified: 2024-09-12T22:35:03.333
Link: CVE-2024-32843
Redhat
No data.