An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Metrics
Affected Vendors & Products
References
History
Thu, 12 Sep 2024 22:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ivanti
Ivanti endpoint Manager |
|
Weaknesses | CWE-89 | |
CPEs | cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2022:su4:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2022:su5:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:* |
|
Vendors & Products |
Ivanti
Ivanti endpoint Manager |
|
Metrics |
cvssV3_1
|
Thu, 12 Sep 2024 01:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |
References |
| |
Metrics |
cvssV3_0
|
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2024-09-12T01:09:56.258Z
Updated: 2024-09-12T21:18:18.550Z
Reserved: 2024-05-09T01:04:06.434Z
Link: CVE-2024-34779
Vulnrichment
Updated: 2024-09-12T21:17:45.725Z
NVD
Status : Modified
Published: 2024-09-12T02:15:03.207
Modified: 2024-09-12T22:35:06.133
Link: CVE-2024-34779
Redhat
No data.