CVSS: 10.0EPSS: 0%CPEs: -EXPL: 2CVE-2024-29847 – Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-29847
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. • https://github.com/horizon3ai/CVE-2024-29847 https://github.com/sinsinology/CVE-2024-29847 https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27114 – Remote Code Execution through File Upload in SOPlanning before 1.52.02
https://notcve.org/view.php?id=CVE-2024-27114
A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. • https://csirt.divd.nl/CVE-2024-27114 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27115 – Remote Code Execution through File Upload in SOPlanning before 1.52.02
https://notcve.org/view.php?id=CVE-2024-27115
A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. • https://csirt.divd.nl/CVE-2024-27115 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43690
https://notcve.org/view.php?id=CVE-2024-43690
Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE). This issue affects: Command Centre Server and Command Centre Workstations 9.10 prior to vEL9.10.1530 (MR2), 9.00 prior to vEL9.00.2168 (MR4), 8.90 prior to vEL8.90.2155 (MR5), 8.80 prior to vEL8.80.1938 (MR6), all versions of 8.70 and prior. • https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43690 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-34779 – Ivanti Endpoint Manager loadModuleTable SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-34779
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. • https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •