Lucene search
IvantiCVELIST:CVE-2024-8191HistorySep 10, 2024 - 8:50 p.m.
CVE-2024-8191
2024-09-1020:50:24
CWE-89
ivanti
www.cve.org
2
cve-2024-8191
sql injection
ivanti epm
remote code execution
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
39.7%
SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
CNA Affected
[
{
"defaultStatus": "affected",
"product": "Endpoint Manager",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "2022 SU6",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2024 September Security Update",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2024-8191
2024-09-10 21:15:14
cve
cve
CVE-2024-8191
2024-09-10 21:15:14
vulnrichment
vulnrichment
CVE-2024-8191
2024-09-10 20:50:24
nessus
nessus
Ivanti Endpoint Manager 2022 - September Security Update
2024-09-18 00:00:00
Ivanti Endpoint Manager 2024 - September 2024 Security Update
2024-09-13 00:00:00
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
39.7%
Related for CVELIST:CVE-2024-8191