Description
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Ivanti / Endpoint Manager2024 November Security Update – 2024 November Security Update
- Ivanti / Endpoint Manager2022 SU6 November Security Update – 2022 SU6 November Security Update