Security News > 2024 > May > Ivanti Patches Critical Remote Code Execution Flaws in Endpoint Manager
2024-05-23 09:21
Ivanti on Tuesday rolled out fixes to address multiple critical security flaws in Endpoint Manager (EPM) that could be exploited to achieve remote code execution under certain circumstances. Six of the 10 vulnerabilities – from CVE-2024-29822 through CVE-2024-29827 (CVSS scores: 9.6) – relate to SQL injection flaws that allow an unauthenticated attacker within the same network to
News URL
https://thehackernews.com/2024/05/ivanti-patches-critical-remote-code.html
Related news
- Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks (source)
- Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code (source)
- Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware (source)
- ActiveX blocked by default in Microsoft 365 because remote code execution is bad, OK? (source)
- Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution (source)
- More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans (source)
- Ivanti warns of critical Neurons for ITSM auth bypass flaw (source)
- Ivanti fixes EPMM zero-days chained in code execution attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-31 | CVE-2024-29827 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | 8.8 |
| 2024-05-31 | CVE-2024-29822 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | 8.8 |