PublicCVE
Log inSign up

CVE-2024-34780

HIGH7.2JSON exportCreate alert

Description

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS breakdown

CVSS 3.0
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Affected products

  • Ivanti / EPM2024 November Security Update – 2024 November Security Update
  • Ivanti / EPM2022 SU6 November Security Update – 2022 SU6 November Security Update

References