Ivanti Patches Critical Remote Code Execution Flaws in Endpoint Manager

2024-05-23 09:21

Ivanti on Tuesday rolled out fixes to address multiple critical security flaws in Endpoint Manager (EPM) that could be exploited to achieve remote code execution under certain circumstances. Six of the 10 vulnerabilities – from CVE-2024-29822 through CVE-2024-29827 (CVSS scores: 9.6) – relate to SQL injection flaws that allow an unauthenticated attacker within the same network to

News URL

https://thehackernews.com/2024/05/ivanti-patches-critical-remote-code.html

#codeexecution #critical #endpoint #ivanti #remote #CVE-2024-29827 #CVE-2024-29822

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-05-31	CVE-2024-29827	An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.	0.0
2024-05-31	CVE-2024-29822	An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Ivanti		23	9	60	74	51	194

News URL

Related news

Related Vulnerability

Related vendor