Lucene search
HackeroneCVELIST:CVE-2024-32848HistorySep 12, 2024 - 1:09 a.m.
CVE-2024-32848
2024-09-1201:09:56
hackerone
www.cve.org
3
sql injection
ivanti epm
remote code execution
2024 september update
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
20.0%
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CNA Affected
[
{
"defaultStatus": "unaffected",
"vendor": "Ivanti",
"product": "EPM",
"versions": [
{
"version": "2024 September Security Update",
"status": "affected",
"lessThan": "2024 September Security Update",
"versionType": "custom"
},
{
"version": "2022 SU6",
"status": "affected",
"lessThan": "2022 SU6",
"versionType": "custom"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2024-32848
2024-09-12 01:09:56
cve
cve
CVE-2024-32848
2024-09-12 02:15:03
nvd
nvd
CVE-2024-32848
2024-09-12 02:15:03
thn
thn
Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities
2024-09-11 06:30:00
nessus
nessus
Ivanti Endpoint Manager 2022 - September Security Update
2024-09-18 00:00:00
Ivanti Endpoint Manager 2024 - September 2024 Security Update
2024-09-13 00:00:00
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
20.0%
Related for CVELIST:CVE-2024-32848