Security News > 2024 > May > Ivanti Patches Critical Remote Code Execution Flaws in Endpoint Manager
2024-05-23 09:21
Ivanti on Tuesday rolled out fixes to address multiple critical security flaws in Endpoint Manager (EPM) that could be exploited to achieve remote code execution under certain circumstances. Six of the 10 vulnerabilities – from CVE-2024-29822 through CVE-2024-29827 (CVSS scores: 9.6) – relate to SQL injection flaws that allow an unauthenticated attacker within the same network to
News URL
https://thehackernews.com/2024/05/ivanti-patches-critical-remote-code.html
Related news
- Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) (source)
- Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications (source)
- Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution (source)
- Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch (source)
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)
- CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame (source)
- OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-31 | CVE-2024-29827 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | 8.8 |
| 2024-05-31 | CVE-2024-29822 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | 8.8 |