Lucene search
HackeroneCVELIST:CVE-2024-34785HistorySep 12, 2024 - 1:09 a.m.
CVE-2024-34785
2024-09-1201:09:56
hackerone
www.cve.org
4
sql injection
ivanti epm
remote code execution
authenticated attacker
admin privileges
cve-2024-34785
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
20.0%
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CNA Affected
[
{
"defaultStatus": "unaffected",
"vendor": "Ivanti",
"product": "EPM",
"versions": [
{
"version": "2024 September Security Update",
"status": "affected",
"lessThan": "2024 September Security Update",
"versionType": "custom"
},
{
"version": "2022 SU6",
"status": "affected",
"lessThan": "2022 SU6",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2024-34785
2024-09-12 02:15:03
cve
cve
CVE-2024-34785
2024-09-12 02:15:03
vulnrichment
vulnrichment
CVE-2024-34785
2024-09-12 01:09:56
thn
thn
Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities
2024-09-11 06:30:00
nessus
nessus
Ivanti Endpoint Manager 2024 - September 2024 Security Update
2024-09-13 00:00:00
Ivanti Endpoint Manager 2022 - September Security Update
2024-09-18 00:00:00
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
20.0%
Related for CVELIST:CVE-2024-34785