Ivanti Endpoint Manager Vulnerabilities: Path Traversal & SQL Injection (CVE-2024-34787, CVE-2024-32839)

From this webpage screenshot, the following key vulnerability information can be obtained: 1. Vulnerability IDs and Descriptions: - CVE-2024-34787: Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. - CVE-2024-50322: Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. - CVE-2024-32839: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-32841: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-32844: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-32847: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-37376: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-34781: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-34782: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-50323: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-50326: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-50327: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-50328: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-50329: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker to achieve remote code execution. 2. Affected Versions: - Ivanti Endpoint Manager (EPM): 2024 September security update and prior, 2022 SU6 September security update and prior. - EPM 2024: 2024 November Security Update. - EPM 2022 SU6: 2022 SU6 November Security Update. 3. Remediation: - Users are required to apply hotfixes to remediate these vulnerabilities. 4. Vulnerability Details: - Vulnerability types include path traversal and SQL injection. - Affected components include different versions of Ivanti Endpoint Manager. 5. Vulnerability Ratings: - Most vulnerabilities have CVSS scores ranging from 7.2 to 8.8, indicating high severity. 6. Impact: - These vulnerabilities allow unauthorized attackers to execute code, compromising the security of Ivanti Endpoint Manager. This information helps users understand the severity, affected components, and remediation steps for these vulnerabilities.

Goal Reached Thanks to every supporter — we hit 100%!

Ivanti Endpoint Manager Vulnerabilities: Path Traversal & SQL Injection (CVE-2024-34787, CVE-2024-32839)