CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29828 – Ivanti Endpoint Manager GetRulesetsSQL SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-29828
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://forums.ivanti.com/s/article/Security-Advisory-May-2024 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29848 – Ivanti Avalanche FileStoreConfig Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-29848
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://forums.ivanti.com/s/article/Security-Advisory-May-2024 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29830 – Ivanti Endpoint Manager GetLogFileRulesNameUniqueSQL SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-29830
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://forums.ivanti.com/s/article/Security-Advisory-May-2024 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29826 – Ivanti Endpoint Manager GetDBPatches SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-29826
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://forums.ivanti.com/s/article/Security-Advisory-May-2024 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 38%CPEs: 1EXPL: 3CVE-2024-29824 – Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-29824
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. ... An attacker can leverage this vulnerability to execute code in the context of the service account. Ivanti Endpoint Manager (EPM) 2022 SU5 and prior versions are susceptible to an unauthenticated SQL injection vulnerability which can be leveraged to achieve unauthenticated remote code execution. Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code. • https://github.com/horizon3ai/CVE-2024-29824 https://github.com/R4be1/CVE-2024-29824 https://github.com/codeb0ss/CVE-2024-29824-PoC https://forums.ivanti.com/s/article/Security-Advisory-May-2024 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •