logo

CVE-2024-29824 - Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability

CVE-2024-29824

Ivanti | Endpoint Manager (EPM)

  • Date Added:
  • 2024-10-02
  • Due Date:
  • 2024-10-23
Vulnerability Name

Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability

Description

Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes
https://forums.ivanti.com/s/article/Security-Advisory-May-2024 ; https://nvd.nist.gov/vuln/detail/CVE-2024-29824
Related News Articles

Free security scan for your website