The vulnerability of the GetDBPatches method in the Ivanti Endpoint Manager software for managing endpoints in information networks allows a hacker to execute arbitrary code.

The vulnerability of the GetDBPatches method in the Ivanti Endpoint Manager software for managing endpoints in information networks relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a...

Ivanti Endpoint Manager GetDBPatches SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the GetDBPatches method. The issue results from the lack o...

PT-2024-4014 · Ivanti · Ivanti Endpoint Manager

Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2022 SU5 Description: The issue is related to a SQL Injection vulnerability in the GetDBPatches method of Ivanti Endpoint Manager, which fails to properly protect the SQL query structure. This allows ...