Description

Ivanti EPM has an SQL injection vulnerability. An unauthenticated attacker can use this vulnerability to execute arbitrary code and compromise the system.

Remediation

Upgrade to the latest version of Ivanti EPM

References

KB Security Advisory EPM May 2024

Horizon3 AI Detailed Analysis

Related Vulnerabilities

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4554)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-3218)

Jolokia Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1000129)

MySQL CVE-2019-2566 Vulnerability (CVE-2019-2566)

ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5865)

Severity

High

Classification

CVE-2024-29824 CWE-89 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Code Execution SQL Injection Known Vulnerabilities Acumonitor