CVSS: 9.8EPSS: 94%CPEs: 1EXPL: 4CVE-2024-29824 – Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-29824
24 May 2024 — An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. Una vulnerabilidad de inyección SQL no especificada en el servidor central de Ivanti EPM 2022 SU5 y anteriores permite que un atacante no autenticado dentro de la misma red ejecute código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authenticati... • https://packetstorm.news/files/id/179459 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46806
https://notcve.org/view.php?id=CVE-2023-46806
22 May 2024 — An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database. Una vulnerabilidad de inyección SQL en un componente web de versiones EPMM anteriores a 12.1.0.0 permite a un usuario autenticado con el privilegio adecuado acceder o modificar datos en la base de datos subyacente. • https://forums.ivanti.com/s/article/Security-Advisory-EPMM-May-2024?language=en_US • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46807
https://notcve.org/view.php?id=CVE-2023-46807
22 May 2024 — An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database. Una vulnerabilidad de inyección SQL en el componente web de EPMM anterior a 12.1.0.0 permite a un usuario autenticado con el privilegio adecuado acceder o modificar datos en la base de datos subyacente. • https://forums.ivanti.com/s/article/Security-Advisory-EPMM-May-2024?language=en_US • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 1CVE-2024-22026
https://notcve.org/view.php?id=CVE-2024-22026
22 May 2024 — A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance. Una vulnerabilidad de escalada de privilegios locales en EPMM anterior a 12.1.0.0 permite a un usuario local autenticado evitar la restricción del shell y ejecutar comandos arbitrarios en el dispositivo. • https://github.com/securekomodo/CVE-2024-22026 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 1%CPEs: 19EXPL: 0CVE-2024-29205
https://notcve.org/view.php?id=CVE-2024-29205
24 Apr 2024 — An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in-order-to cause service disruptions. Una vulnerabilidad de verificación inadecuada de condiciones inusuales o excepcionales en el componente web de Ivanti Connect Secure (9.x, 22.x) e Ivanti Policy Secure (9.x, 22.x) permite a un atacante remoto no autenticado enviar s... • https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0CVE-2024-23527 – Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-23527
23 Apr 2024 — An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. Una vulnerabilidad de lectura fuera de los límites en el componente WLAvalancheService de Ivanti Avalanche anterior a 6.4.3, en ciertas condiciones, puede permitir que un atacante remoto no autenticado lea información confidencial en la memoria. This vulnerability allows remote attackers to disclose s... • https://www.ivanti.com/blog/security-update-for-ivanti-avalanche • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0CVE-2024-23526 – Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-23526
19 Apr 2024 — An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. Una vulnerabilidad de lectura fuera de los límites en el componente WLAvalancheService de Ivanti Avalanche anterior a 6.4.3, en ciertas condiciones, puede permitir que un atacante remoto no autenticado lea información confidencial en la memoria. This vulnerability allows remote attackers to disclose s... • https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 5%CPEs: 1EXPL: 0CVE-2024-22061 – Ivanti Avalanche WLInfoRailService Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-22061
19 Apr 2024 — A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands Una vulnerabilidad de desbordamiento de montón en el componente WLInfoRailService de Ivanti Avalanche anterior a 6.4.3 permite a un atacante remoto no autenticado ejecutar comandos arbitrarios This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to expl... • https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0CVE-2024-23529 – Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-23529
19 Apr 2024 — An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. Una vulnerabilidad de lectura fuera de los límites en el componente WLAvalancheService de Ivanti Avalanche anterior a 6.4.3, en ciertas condiciones, puede permitir que un atacante remoto no autenticado lea información confidencial en la memoria. This vulnerability allows remote attackers to disclose s... • https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0CVE-2024-23528 – Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-23528
19 Apr 2024 — An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. Una vulnerabilidad de lectura fuera de los límites en el componente WLAvalancheService de Ivanti Avalanche anterior a 6.4.3, en ciertas condiciones, puede permitir que un atacante remoto no autenticado lea información confidencial en la memoria. This vulnerability allows remote attackers to disclose s... • https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US • CWE-125: Out-of-bounds Read •