Description

Ivanti EPM has an SQL injection vulnerability. An unauthenticated attacker can use this vulnerability to execute arbitrary code and compromise the system.

Remediation

Upgrade to the latest version of Ivanti EPM

References

KB Security Advisory EPM May 2024

Horizon3 AI Detailed Analysis

Related Vulnerabilities

Oracle JRE CVE-2017-10348 Vulnerability (CVE-2017-10348)

ownCloud Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-24804)

XWiki Missing Authorization Vulnerability (CVE-2023-41046)

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-10094)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-42112)

Severity

High

Classification

CVE-2024-29824 CWE-89 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Code Execution SQL Injection Known Vulnerabilities Acumonitor