CVE-2024-29827

High

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the…

hackerone·CWE-89·Published 2024-05-31

CVSS

8.8

EPSS

0.72

KEV

Exploits

cve.orgen

177 chars

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

NVDen

177 chars

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

NVDes

199 chars

Una vulnerabilidad de inyección SQL no especificada en el servidor central de Ivanti EPM 2022 SU5 y anteriores permite que un atacante no autenticado dentro de la misma red ejecute código arbitrario.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.0	Primary	cve.org	9.6	—	—	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
3.0	Secondary	NVD	9.6	2.8	6.0	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H