CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37381
https://notcve.org/view.php?id=CVE-2024-37381
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code. • https://forums.ivanti.com/s/article/Security-Advisory-EPM-July-2024-for-EPM-2024 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38042
https://notcve.org/view.php?id=CVE-2023-38042
A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM. Una vulnerabilidad de escalada de privilegios local en Ivanti Secure Access Client para Windows permite a un usuario con pocos privilegios ejecutar código como SYSTEM. • https://forums.ivanti.com/s/article/Security-Advisory-May-2024?language=en_US • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46810
https://notcve.org/view.php?id=CVE-2023-46810
A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root. Una vulnerabilidad de escalada de privilegios local en Ivanti Secure Access Client para Linux anterior a 22.7R1 permite a un usuario con pocos privilegios ejecutar código como root. • https://forums.ivanti.com/s/article/Security-Advisory-May-2024 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22059
https://notcve.org/view.php?id=CVE-2024-22059
A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS. Una vulnerabilidad de inyección SQL en el componente web de Ivanti Neurons para ITSM permite a un usuario autenticado remoto leer/modificar/eliminar información en la base de datos subyacente. Esto también puede provocar DoS. • https://forums.ivanti.com/s/article/Security-Advisory-May-2024 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22060
https://notcve.org/view.php?id=CVE-2024-22060
An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server. Una vulnerabilidad de carga de archivos sin restricciones en el componente web de Ivanti Neurons para ITSM permite a un usuario remoto, autenticado y con altos privilegios escribir archivos arbitrarios en directorios confidenciales del servidor ITSM. • https://forums.ivanti.com/s/article/Security-Advisory-May-2024 • CWE-434: Unrestricted Upload of File with Dangerous Type •