CVE-2024-29824

Sažetak

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

Reference

https://forums.ivanti.com/s/article/Security-Advisory-May-2024
https://forums.ivanti.com/s/article/Security-Advisory-May-2024
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-29824

CVSS

Base:	9.6
Impact:	6.0
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Zadnje važnije ažuriranje

30-10-2025 - 20:40

Objavljeno

31-05-2024 - 18:15