CVE-2024-34785
PUBLISHED
There are multiple vulnerabilities in Ivanti Endpoint Manager. These flaws affect 2022 SU6 and the 2024 September Update due to an unspecified SQL injection. A privileged attacker can exploit these vulnerabilities to execute arbitrary code.
Risk Scores
EPSS Score
38.13%
97.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ivanti | Ivanti Endpoint Manager | <2024 SU1 |
| Ivanti | Ivanti Endpoint Manager | <2022 SU6 |
| Ivanti | Ivanti Endpoint Manager | <2024 Security Patch |
Exploit Intelligence
- CIRCL seen: CVE-2024-34785 (circl-sighting)
- https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022 (circl)
Timeline
- Sep 10, 2024 CVE Published
- Sep 11, 2024 PoC Published
- Sep 12, 2024 EPSS Score
- Sep 12, 2024 PoC Published
- Sep 16, 2024 CVE Updated
- Oct 4, 2024 Coalition ESS Score
- Oct 22, 2024 EPSS Score
- Nov 10, 2024 EPSS Score
- Dec 21, 2024 EPSS Score
- Jan 10, 2025 EPSS Score
- Feb 18, 2025 EPSS Score
- Mar 10, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2109.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2109 advisory
- https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US advisory
- https://summoning.team/blog/ivanti-epm-cve-2024-29847-deserialization-rce/ advisory