CVE-2024-29828

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su4:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su5:*:*:*:*:*:*

History

03 Oct 2024, 16:46

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.4
v2 : unknown
v3 : 8.0
First Time Ivanti endpoint Manager
Ivanti
References () https://forums.ivanti.com/s/article/Security-Advisory-May-2024 - () https://forums.ivanti.com/s/article/Security-Advisory-May-2024 - Vendor Advisory
CPE cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su4:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su5:*:*:*:*:*:*

01 Aug 2024, 13:49

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de inyección SQL no especificada en el servidor central de Ivanti EPM 2022 SU5 y anteriores permite que un atacante autenticado dentro de la misma red ejecute código arbitrario.
CWE CWE-89

31 May 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-31 18:15

Updated : 2024-10-03 16:46


NVD link : CVE-2024-29828

Mitre link : CVE-2024-29828

CVE.ORG link : CVE-2024-29828


JSON object : View

Products Affected

ivanti

  • endpoint_manager
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')