Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability

Added Oct. 2, 2024 • Due Oct. 23, 2024 • CVE-2024-29824

Overdue Ivanti / Endpoint Manager (EPM) CWE-89

Description

Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

https://forums.ivanti.com/s/article/Security-Advisory-May-2024
https://nvd.nist.gov/vuln/detail/CVE-2024-29824

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 4 months, 1 week ago