8 matches found
CVE-2024-34779
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-32846
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-32848
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-34779
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-34783
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-32843
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution...
CVE-2024-8441
CVE-2024-8441 affects Ivanti Endpoint Manager (Ivanti EPM) agent. The issue is an uncontrolled search path that, on installations of Ivanti EPM before 2022 SU6 or the 2024 September update, can allow a local authenticated attacker with admin privileges to escalate to SYSTEM. Connected sources con...
PT-2024-6588 · Ivanti · Ivanti Epm
Name of the Vulnerable Software and Affected Versions: Ivanti EPM versions before 2022 SU6 Ivanti EPM versions before the 2024 September update Description: The issue is related to SQL injection in the management console of Ivanti EPM, allowing a remote unauthenticated attacker to achieve remote...