Description

Ivanti EPM has an SQL injection vulnerability. An unauthenticated attacker can use this vulnerability to execute arbitrary code and compromise the system.

Remediation

Upgrade to the latest version of Ivanti EPM

References

KB Security Advisory EPM May 2024

Horizon3 AI Detailed Analysis

Related Vulnerabilities

WordPress Plugin WP TripAdvisor Review Slider SQL Injection (10.7)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-6291)

phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15732)

PHP CVE-2016-6174 Vulnerability (CVE-2016-6174)

OpenSSL CVE-2023-4807 Vulnerability (CVE-2023-4807)

Severity

High

Classification

CVE-2024-29824 CWE-89 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Tags

Code Execution SQL Injection Known Vulnerabilities Acumonitor