Security News > 2024 > May > Ivanti Patches Critical Remote Code Execution Flaws in Endpoint Manager

Ivanti Patches Critical Remote Code Execution Flaws in Endpoint Manager
2024-05-23 09:21

Ivanti on Tuesday rolled out fixes to address multiple critical security flaws in Endpoint Manager (EPM) that could be exploited to achieve remote code execution under certain circumstances. Six of the 10 vulnerabilities – from CVE-2024-29822 through CVE-2024-29827 (CVSS scores: 9.6) – relate to SQL injection flaws that allow an unauthenticated attacker within the same network to


News URL

https://thehackernews.com/2024/05/ivanti-patches-critical-remote-code.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-05-31 CVE-2024-29827 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
low complexity
ivanti CWE-89
8.8
2024-05-31 CVE-2024-29822 SQL Injection vulnerability in Ivanti Endpoint Manager
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
low complexity
ivanti CWE-89
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ivanti 29 1 56 180 79 316