Security News > 2024 > October > Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch
2024-10-03 06:06
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Endpoint Manager (EPM) that the company patched in May to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824, carries a CVSS score of 9.6 out of a maximum of 10.0, indicating critical severity. "An
News URL
https://thehackernews.com/2024/10/ivanti-endpoint-manager-flaw-actively.html
Related news
- CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September (source)
- Ivanti fixes maximum severity RCE bug in Endpoint Management software (source)
- Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities (source)
- Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847) (source)
- Exploit code released for critical Ivanti RCE flaw, patch now (source)
- CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns (source)
- Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) (source)
- Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-05-31 | CVE-2024-29824 | SQL Injection vulnerability in Ivanti Endpoint Manager An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | 8.8 |