CVE-2024-29824

HighKnown Exploited

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the…

hackerone·CWE-89·Published 2024-05-31

CVSS

8.8

EPSS

1.00

KEV

Yes

Exploits

cve.orgen

176 chars

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

NVDen

176 chars

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

Una vulnerabilidad de inyección SQL no especificada en el servidor central de Ivanti EPM 2022 SU5 y anteriores permite que un atacante no autenticado dentro de la misma red ejecute código arbitrario.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.0	Primary	cve.org	9.6	—	—	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
3.0	Secondary	NVD	9.6	2.8	6.0	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H