Description

Ivanti EPM has an SQL injection vulnerability. An unauthenticated attacker can use this vulnerability to execute arbitrary code and compromise the system.

Remediation

Upgrade to the latest version of Ivanti EPM

References

KB Security Advisory EPM May 2024

Horizon3 AI Detailed Analysis

Related Vulnerabilities

TYPO3 Improper Input Validation Vulnerability (CVE-2019-11832)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9853)

osCommerce Other Vulnerability (CVE-2004-2638)

WordPress Plugin WP PRO Advertising System-All In One Ad Manager SQL Injection (4.6.18)

WordPress Plugin BackWPup Remote and Local Code Execution (1.6.1)

Severity

High

Classification

CVE-2024-29824 CWE-89 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Code Execution SQL Injection Known Vulnerabilities Acumonitor