Description

Ivanti EPM has an SQL injection vulnerability. An unauthenticated attacker can use this vulnerability to execute arbitrary code and compromise the system.

Remediation

Upgrade to the latest version of Ivanti EPM

References

KB Security Advisory EPM May 2024

Horizon3 AI Detailed Analysis

Related Vulnerabilities

OpenSSL Cryptographic Issues Vulnerability (CVE-2011-4576)

Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9516)

WebLogic CVE-2010-2375 Vulnerability (CVE-2010-2375)

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-37909)

MySQL CVE-2023-22113 Vulnerability (CVE-2023-22113)

Severity

High

Classification

CVE-2024-29824 CWE-89 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Code Execution SQL Injection Known Vulnerabilities Acumonitor