3 matches found
CVE-2024-32848
CVE-2024-32848 is an SQL injection in Ivanti Endpoint Manager (EPM) affecting versions prior to the 2024 September update and prior to 2022 SU6 in some advisories. The flaw is exploitable by a remote authenticated attacker with admin privileges to achieve remote code execution. Red Hat and NVD en...
CVE-2024-32848
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution...
Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities
Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager EPM, including 10 critical vulnerabilities that could result in remote code execution. A brief description of the issues is as follows - CVE-2024-29847 CVSS score: 10.0 - A deserialization of...