Multiple vulnerabilities in Ivanti Endpoint Manager
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 16 |
| CVE-ID | CVE-2024-34783 CVE-2024-34785 CVE-2024-34779 CVE-2024-37397 CVE-2024-32848 CVE-2024-32846 CVE-2024-32845 CVE-2024-32843 CVE-2024-32842 CVE-2024-32840 CVE-2024-8191 CVE-2024-8320 CVE-2024-8321 CVE-2024-8322 CVE-2024-29847 CVE-2024-8441 |
| CWE-ID | CWE-89 CWE-611 CWE-287 CWE-284 CWE-502 CWE-426 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Endpoint Manager Server applications / IDS/IPS systems, Firewalls and proxy servers |
| Vendor | Ivanti |
Security Bulletin
This security bulletin contains information about 16 vulnerabilities.
1) SQL injection
EUVDB-ID: #VU97134
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-34783
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote privileged user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEndpoint Manager: 2022 - 2024 July Update
CPE2.3- cpe:2.3:a:ivanti:endpoint_manager:2024:July Update:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2024:*:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2022:SU2:*:*:*:*:*:*
http://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-24-1220/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) SQL injection
EUVDB-ID: #VU97135
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-34785
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote privileged user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEndpoint Manager: 2022 - 2024 July Update
CPE2.3- cpe:2.3:a:ivanti:endpoint_manager:2024:July Update:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2024:*:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2022:SU2:*:*:*:*:*:*
http://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-24-1221/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) SQL injection
EUVDB-ID: #VU97133
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-34779
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote privileged user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEndpoint Manager: 2022 - 2024 July Update
CPE2.3- cpe:2.3:a:ivanti:endpoint_manager:2024:July Update:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2024:*:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2022:SU2:*:*:*:*:*:*
http://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-24-1219/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) XML External Entity injection
EUVDB-ID: #VU97125
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-37397
CWE-ID:
CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied XML input in the provisioning web service. A remote attacker can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.
Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEndpoint Manager: 2022 - 2024 July Update
CPE2.3- cpe:2.3:a:ivanti:endpoint_manager:2024:July Update:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2024:*:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2022:SU2:*:*:*:*:*:*
http://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-24-1212/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) SQL injection
EUVDB-ID: #VU97132
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-32848
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote privileged user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEndpoint Manager: 2022 - 2024 July Update
CPE2.3- cpe:2.3:a:ivanti:endpoint_manager:2024:July Update:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2024:*:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2022:SU2:*:*:*:*:*:*
http://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-24-1218/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) SQL injection
EUVDB-ID: #VU97131
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-32846
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote privileged user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEndpoint Manager: 2022 - 2024 July Update
CPE2.3- cpe:2.3:a:ivanti:endpoint_manager:2024:July Update:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2024:*:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2022:SU2:*:*:*:*:*:*
http://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-24-1217/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) SQL injection
EUVDB-ID: #VU97130
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-32845
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote privileged user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEndpoint Manager: 2022 - 2024 July Update
CPE2.3- cpe:2.3:a:ivanti:endpoint_manager:2024:July Update:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2024:*:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2022:SU2:*:*:*:*:*:*
http://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-24-1216/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) SQL injection
EUVDB-ID: #VU97129
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-32843
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote privileged user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEndpoint Manager: 2022 - 2024 July Update
CPE2.3- cpe:2.3:a:ivanti:endpoint_manager:2024:July Update:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2024:*:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2022:SU2:*:*:*:*:*:*
http://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-24-1215/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) SQL injection
EUVDB-ID: #VU97128
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-32842
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote privileged user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEndpoint Manager: 2022 - 2024 July Update
CPE2.3- cpe:2.3:a:ivanti:endpoint_manager:2024:July Update:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2024:*:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2022:SU2:*:*:*:*:*:*
http://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-24-1214/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) SQL injection
EUVDB-ID: #VU97127
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-32840
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote privileged user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEndpoint Manager: 2022 - 2024 July Update
CPE2.3- cpe:2.3:a:ivanti:endpoint_manager:2024:July Update:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2024:*:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2022:SU2:*:*:*:*:*:*
http://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-24-1213/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) SQL injection
EUVDB-ID: #VU97126
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8191
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the management console. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEndpoint Manager: 2022 - 2024 July Update
CPE2.3- cpe:2.3:a:ivanti:endpoint_manager:2024:July Update:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2024:*:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2022:SU2:*:*:*:*:*:*
http://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-24-1211/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper Authentication
EUVDB-ID: #VU97136
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8320
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to missing authentication in Network Isolation service. A remote non-authenticated attacker can poof Network Isolation status of managed devices.
Install updates from vendor's website.
Vulnerable software versionsEndpoint Manager: 2022 - 2024 July Update
CPE2.3- cpe:2.3:a:ivanti:endpoint_manager:2024:July Update:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2024:*:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2022:SU2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper Authentication
EUVDB-ID: #VU97137
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8321
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to missing authentication in Network Isolation service. A remote non-authenticated attacker can isolate managed devices from the network.
Install updates from vendor's website.
Vulnerable software versionsEndpoint Manager: 2022 - 2024 July Update
CPE2.3- cpe:2.3:a:ivanti:endpoint_manager:2024:July Update:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2024:*:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2022:SU2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper access control
EUVDB-ID: #VU97138
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8322
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in Patch Management. A remote user can bypass implemented security restrictions and gain unauthorized access to the application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEndpoint Manager: 2022 - 2024 July Update
CPE2.3- cpe:2.3:a:ivanti:endpoint_manager:2024:July Update:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2024:*:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2022:SU2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Deserialization of Untrusted Data
EUVDB-ID: #VU97139
Risk: Critical
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-29847
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data in the agent portal. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEndpoint Manager: 2022 - 2024 July Update
CPE2.3- cpe:2.3:a:ivanti:endpoint_manager:2024:July Update:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2024:*:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2022:SU2:*:*:*:*:*:*
http://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-24-1223/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Untrusted search path
EUVDB-ID: #VU97140
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8441
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEndpoint Manager: 2022 - 2024 July Update
CPE2.3- cpe:2.3:a:ivanti:endpoint_manager:2024:July Update:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2024:*:*:*:*:*:*:*
- cpe:2.3:a:ivanti:endpoint_manager:2022:SU2:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
