CVE-2024-29846

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su4:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su5:*:*:*:*:*:*

History

03 Oct 2024, 16:46

Type Values Removed Values Added
References () https://www.ivanti.com/blog/topics/security-advisory - () https://www.ivanti.com/blog/topics/security-advisory - Vendor Advisory
CPE cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su4:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su5:*:*:*:*:*:*
First Time Ivanti endpoint Manager
Ivanti
CVSS v2 : unknown
v3 : 8.4
v2 : unknown
v3 : 8.0

03 Jul 2024, 01:52

Type Values Removed Values Added
CWE CWE-89
Summary
  • (es) Una vulnerabilidad de inyección SQL no especificada en el servidor central de Ivanti EPM 2022 SU5 y anteriores permite que un atacante autenticado dentro de la misma red ejecute código arbitrario.

31 May 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-31 18:15

Updated : 2024-10-03 16:46


NVD link : CVE-2024-29846

Mitre link : CVE-2024-29846

CVE.ORG link : CVE-2024-29846


JSON object : View

Products Affected

ivanti

  • endpoint_manager
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')