Security News > 2024 > September > Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847)
2024-09-11 11:50
Ivanti has fixed a slew of vulnerabilities affecting its Endpoint Manager solution, including a maximum severity one (CVE-2024-29847) that may allow unauthenticated attackers to remotely execute code in the context of the vulnerable system, and use it as a beachhead for burrowing into corporate networks and devices. The fixes CVE-2024-29847 affects the agent portal of Ivanti Endpoint Manager versions 2024 (with the September update) and 2022 SU5 and earlier, and stems from the application’s improper … More → The post Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/09/11/cve-2024-29847/
Related news
- Ivanti fixes maximum severity RCE bug in Endpoint Management software (source)
- Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities (source)
- Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) (source)
- Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218) (source)
- Ivanti warns of critical vTM auth bypass with public exploit (source)
- Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access (source)
- Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986) (source)
- Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800) (source)
- Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987) (source)
- SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-12 | CVE-2024-29847 | Deserialization of Untrusted Data vulnerability in Ivanti Endpoint Manager Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | 9.8 |