CVE-2024-29824 - Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability

CVE-2024-29824: Ivanti | Endpoint Manager (EPM)

Date Added:
2024-10-02

Due Date:
2024-10-23

Vulnerability Name: Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability

Description: Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes: https://forums.ivanti.com/s/article/Security-Advisory-May-2024 ; https://nvd.nist.gov/vuln/detail/CVE-2024-29824

Related News Articles

Nation-State Attackers Exploiting Ivanti CSA Flaws for Network InfiltrationOctober 14, 2024

Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively ExploitedOctober 9, 2024

Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)October 3, 2024

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to PatchOctober 3, 2024

Critical Ivanti RCE flaw with public exploit now used in attacksOctober 3, 2024

Free security scan for your website

Don't show website scan report rating on the leaderboard