CVE-2024-34785

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su4:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su5:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:*

History

12 Sep 2024, 22:06

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.1
v2 : unknown
v3 : 7.2
CWE CWE-89
First Time Ivanti endpoint Manager
Ivanti
CPE cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su5:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su4:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*
References () https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022 - () https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022 - Vendor Advisory

12 Sep 2024, 12:35

Type Values Removed Values Added
Summary
  • (es) Una inyección SQL no especificada en Ivanti EPM antes de 2022 SU6 o la actualización de septiembre de 2024 permite que un atacante autenticado remoto con privilegios de administrador logre la ejecución remota de código.

12 Sep 2024, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-12 02:15

Updated : 2024-09-12 22:35


NVD link : CVE-2024-34785

Mitre link : CVE-2024-34785

CVE.ORG link : CVE-2024-34785


JSON object : View

Products Affected

ivanti

  • endpoint_manager
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')