VDB
CVE-2024-32846
CVE-2024-32846
PUBLISHED
Es bestehen mehrere Schwachstellen in Ivanti Endpoint Manager. Diese Fehler betreffen das 2022 SU6 und das 2024 September Update aufgrund einer nicht spezifizierten SQL Injection. Ein privilegierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen.
EPSS 11.39% · 93.7th percentile
Risk Scores
EPSS Score
11.39%
93.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ivanti | Ivanti Endpoint Manager <2022 SU6 | |
| Ivanti | Ivanti Endpoint Manager <2024 SU1 | |
| Ivanti | Ivanti Endpoint Manager <2024 Security Patch |
Timeline
- Sep 10, 2024 CVE Published
- Sep 12, 2024 EPSS Score
- Sep 16, 2024 CVE Updated
- Oct 4, 2024 Coalition ESS Score
- Oct 22, 2024 EPSS Score
- Nov 10, 2024 EPSS Score
- Dec 21, 2024 EPSS Score
- Jan 10, 2025 EPSS Score
- Feb 18, 2025 EPSS Score
- Mar 10, 2025 EPSS Score
- Mar 25, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2109.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2109 advisory
- https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US advisory
- https://summoning.team/blog/ivanti-epm-cve-2024-29847-deserialization-rce/ advisory