CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-34780
https://notcve.org/view.php?id=CVE-2024-34780
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. • https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-39712
https://notcve.org/view.php?id=CVE-2024-39712
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.7 allows a remote authenticated attacker with admin privileges to achieve remote code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-39711
https://notcve.org/view.php?id=CVE-2024-39711
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.7 allows a remote authenticated attacker with admin privileges to achieve remote code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-38656
https://notcve.org/view.php?id=CVE-2024-38656
Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-39710
https://notcve.org/view.php?id=CVE-2024-39710
Argument injection in Ivanti Connect Secure before version 22.7R2 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.7 allows a remote authenticated attacker with admin privileges to achieve remote code execution. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •