Lucene search
HackeroneCVELIST:CVE-2024-29847HistorySep 12, 2024 - 1:09 a.m.
CVE-2024-29847
2024-09-1201:09:56
hackerone
www.cve.org
10
deserialization
ivanti epm
remote code execution
security vulnerability
CVSS3
10
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
44.1%
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
CNA Affected
[
{
"defaultStatus": "unaffected",
"vendor": "Ivanti",
"product": "EPM",
"versions": [
{
"version": "2024 September Security Update",
"status": "affected",
"lessThan": "2024 September Security Update",
"versionType": "custom"
},
{
"version": "2022 SU6",
"status": "affected",
"lessThan": "2022 SU6",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2024-29847
2024-09-12 02:15:02
cve
cve
CVE-2024-29847
2024-09-12 02:15:02
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Ivanti Endpoint Manager
2024-09-14 21:51:41
Exploit for Deserialization of Untrusted Data in Ivanti Endpoint Manager
2024-09-13 14:02:04
vulnrichment
vulnrichment
CVE-2024-29847
2024-09-12 01:09:56
thn
thn
rapid7blog
rapid7blog
High-risk vulnerabilities in common enterprise technologies
2024-09-19 20:45:57
nessus
nessus
Ivanti Endpoint Manager 2024 - September 2024 Security Update
2024-09-13 00:00:00
Ivanti Endpoint Manager 2022 - September Security Update
2024-09-18 00:00:00
CVSS3
10
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
44.1%
Related for CVELIST:CVE-2024-29847