Security News > 2024 > October > Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)
CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the bug to its Known Exploited Vulnerabilities catalog. Ivanti did the same by updating the relevant security advisory to say that they are aware of a limited number of customers who have been exploited. Further details about the attacks are unavailable at this time. About CVE-2024-29824 CVE-2024-29824, reported … More → The post Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/10/03/cve-2024-29824/
Related news
- Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847) (source)
- Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342) (source)
- Ivanti fixes maximum severity RCE bug in Endpoint Management software (source)
- Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities (source)
- Exploit code released for critical Ivanti RCE flaw, patch now (source)
- PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190) (source)
- Critical VMware vCenter Server bugs fixed (CVE-2024-38812) (source)
- Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488) (source)
- Ivanti warns of another critical CSA flaw exploited in attacks (source)
- Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-05-31 | CVE-2024-29824 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | 8.8 |