Security News > 2024 > October > Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)
2024-10-03 15:20
CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the bug to its Known Exploited Vulnerabilities catalog. Ivanti did the same by updating the relevant security advisory to say that they are aware of a limited number of customers who have been exploited. Further details about the attacks are unavailable at this time. About CVE-2024-29824 CVE-2024-29824, reported … More → The post Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/10/03/cve-2024-29824/
Related news
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch (source)
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)
- Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381) (source)
- Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) (source)
- CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-31 | CVE-2024-29824 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | 8.8 |