cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-37376,https://securityvulnerability.io/vulnerability/CVE-2024-37376,Remote Code Execution Vulnerability in Ivanti Endpoint Manager,"The vulnerability involves a SQL injection in Ivanti Endpoint Manager, allowing an attacker with administrative access to execute arbitrary code remotely. This flaw exists in versions that have not received updates as of November 2024 or those prior to the November 2022 Security Update. If exploited, this vulnerability can lead to significant impacts on the security posture of affected environments.",Ivanti,Epm,7.2,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-11-13T02:15:00.000Z,0
CVE-2024-32844,https://securityvulnerability.io/vulnerability/CVE-2024-32844,Remote Code Execution Vulnerability Affects Ivanti Endpoint Manager,"A SQL injection vulnerability exists in Ivanti Endpoint Manager prior to the November 2024 Security Update and the November 2022 SU6 update. This flaw enables remote authenticated attackers with administrative privileges to exploit the system, potentially leading to remote code execution. Attackers can manipulate database queries, resulting in unintended behavior and compromising the integrity of the affected system.",Ivanti,Epm,7.2,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-11-13T02:15:00.000Z,0
CVE-2024-32841,https://securityvulnerability.io/vulnerability/CVE-2024-32841,Ivanti Endpoint Manager vulnerable to SQL Injection,"A critical SQL injection flaw allows a remote authenticated attacker with administrative privileges to execute arbitrary code within Ivanti Endpoint Manager, impacting versions before the November 2024 Security Update and the November 2022 SU6. This vulnerability poses a significant risk, enabling unauthorized access and potential control over affected systems, necessitating immediate remediation.",Ivanti,Epm,7.2,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-11-13T02:15:00.000Z,0
CVE-2024-32839,https://securityvulnerability.io/vulnerability/CVE-2024-32839,Remote Code Execution Vulnerability,"A SQL injection vulnerability exists in Ivanti Endpoint Manager that affects versions prior to the November 2024 Security Update and the 2022 SU6 November Security Update. This flaw allows a remote authenticated attacker with administrative privileges to execute arbitrary code on the impacted system. By exploiting this vulnerability, attackers can manipulate database queries, compromising the confidentiality, integrity, and availability of the system. Organizations using Ivanti Endpoint Manager are advised to implement security updates promptly to mitigate the risks associated with this vulnerability.",Ivanti,Epm,7.2,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-11-13T02:15:00.000Z,0
CVE-2024-34780,https://securityvulnerability.io/vulnerability/CVE-2024-34780,Remote Code Execution Vulnerability in Ivanti Endpoint Manager,"A SQL injection vulnerability exists in Ivanti Endpoint Manager that permits a remote attacker, authenticated with admin privileges, to execute arbitrary code on affected systems. This vulnerability affects versions prior to the November 2024 Security Update and the November 2022 SU6 Security Update, exposing sensitive data and compromising system integrity. Organizations using this product are strongly advised to apply the necessary security updates to mitigate potential exploitation.",Ivanti,Epm,7.2,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-13T02:15:00.000Z,0
CVE-2024-34781,https://securityvulnerability.io/vulnerability/CVE-2024-34781,Remote Code Execution Vulnerability in Ivanti Endpoint Manager Pre-2024 November Security Updates,"A SQL injection vulnerability has been identified in Ivanti Endpoint Manager that permits a remote authenticated attacker with administrative privileges to execute arbitrary code on the affected system. This vulnerability impacts versions of Ivanti Endpoint Manager before the November 2024 Security Update and the November 2022 SU6. Attackers can exploit this weak point by sending specially crafted SQL queries, leading to significant risks, including unauthorized access and system compromise.",Ivanti,Epm,7.2,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-11-13T02:15:00.000Z,0
CVE-2024-34782,https://securityvulnerability.io/vulnerability/CVE-2024-34782,Remote Code Execution Vulnerability in Ivanti Endpoint Manager,"A significant SQL injection vulnerability exists within Ivanti Endpoint Manager, specifically affecting versions that precede the November 2024 Security Update and 2022 SU6 November Security Update. This vulnerability enables an attacker with administrative access to execute arbitrary code remotely, potentially leading to unauthorized control over impacted systems. Organizations utilizing affected versions should prioritize remediation to safeguard against potential exploitation of this vulnerability.",Ivanti,Epm,7.2,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-11-13T02:15:00.000Z,0
CVE-2024-34784,https://securityvulnerability.io/vulnerability/CVE-2024-34784,Remote Code Execution Vulnerability in Ivanti Endpoint Manager,"A SQL injection vulnerability exists in Ivanti Endpoint Manager, which allows a remote authenticated attacker with administrative privileges to execute arbitrary code remotely. This weakness affects versions of the software prior to the security updates released in November 2024 and November 2022. Proper caution should be exercised by users to mitigate potential risks associated with this vulnerability.",Ivanti,Epm,7.2,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-11-13T02:15:00.000Z,0
CVE-2024-34787,https://securityvulnerability.io/vulnerability/CVE-2024-34787,UnAuthenticated Code Execution Vulnerability in Ivanti Endpoint Manager,"A path traversal vulnerability exists in Ivanti Endpoint Manager, which can allow a local unauthenticated attacker to execute arbitrary code. This vulnerability affects versions prior to the November 2024 Security Update and the 2022 SU6 November Security Update. User interaction is necessary for the exploit to succeed, making it imperative for users and administrators to ensure they are operating on the latest software updates to mitigate this security risk. For more details, refer to the official security advisory.",Ivanti,Epm,7.8,HIGH,0.0013299999991431832,false,false,false,false,,false,false,2024-11-13T02:15:00.000Z,0
CVE-2024-32847,https://securityvulnerability.io/vulnerability/CVE-2024-32847,Remote Code Execution Vulnerability in Ivanti Endpoint Manager,"The vulnerability in Ivanti Endpoint Manager products prior to the November 2024 Security Update allows remote authenticated attackers with administrative privileges to exploit an SQL injection vulnerability. This exploitation can lead to potential remote code execution, compromising the security of systems using affected versions of the product. Implement appropriate security measures and updates to safeguard your infrastructure against potential risks.",Ivanti,Epm,7.2,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-11-13T02:15:00.000Z,0
CVE-2024-32840,https://securityvulnerability.io/vulnerability/CVE-2024-32840,Remote Code Execution Vulnerability in Ivanti EPM,"An SQL injection vulnerability exists in Ivanti Endpoint Manager (EPM) that allows a remote authenticated attacker with administrative privileges to execute arbitrary code on the server. This vulnerability primarily affects versions prior to the 2022 SU6 update and the September 2024 update of Ivanti EPM. The absence of adequate input validation in the affected products exposes organizations to potential remote attacks, underscoring the necessity for immediate patching and security measures.",Ivanti,Epm,7.2,HIGH,0.003759999992325902,false,false,false,false,,false,false,2024-09-12T01:09:56.338Z,0
CVE-2024-34783,https://securityvulnerability.io/vulnerability/CVE-2024-34783,Ivanti EPM Vulnerable to Remote Code Execution via SQL Injection,"A SQL injection vulnerability exists in Ivanti Endpoint Manager prior to the 2022 SU6 and the September 2024 update. This flaw enables remote authenticated attackers with administrative privileges to execute arbitrary code on the affected system, potentially leading to unauthorized access and further exploitation of the system.",Ivanti,Epm,7.2,HIGH,0.003759999992325902,false,false,false,false,,false,false,2024-09-12T01:09:56.337Z,0
CVE-2024-29847,https://securityvulnerability.io/vulnerability/CVE-2024-29847,Remote Code Execution Vulnerability in Ivanti EPM Agent Portal,"A critical security vulnerability exists within the Ivanti Endpoint Manager (EPM) agent portal, allowing for unauthorized remote access and execution of arbitrary code. This vulnerability is rooted in improper deserialization of untrusted data, which can be exploited by attackers to execute malicious commands on affected systems. Both the 2024 version and previous iterations before the 2022 SU6 update are susceptible to this exploit, posing significant risks to organizations using Ivanti's solutions. Mitigation measures are strongly advised as detailed in Ivanti's security advisory.",Ivanti,Epm,9.8,CRITICAL,0.013330000452697277,false,true,false,true,true,true,true,2024-09-12T01:09:56.277Z,7345
CVE-2024-34779,https://securityvulnerability.io/vulnerability/CVE-2024-34779,"Ivanti EPM vulnerable to SQL injection, allowing remote code execution","A previously undetected SQL injection vulnerability exists in Ivanti Endpoint Manager prior to 2022 SU6 and the September 2024 update. This flaw allows an authenticated attacker with administrative privileges to exploit the application, potentially leading to unauthorized remote code execution. Due to the nature of SQL injection vulnerabilities, an attacker could manipulate database queries, compromising the integrity and availability of the application and possibly affecting the broader network. Organizations should prioritize the application of security updates and patch management strategies to mitigate this risk.",Ivanti,Epm,7.2,HIGH,0.003759999992325902,false,false,false,false,,false,false,2024-09-12T01:09:56.258Z,0
CVE-2024-37397,https://securityvulnerability.io/vulnerability/CVE-2024-37397,Ivanti EPM XML Entity Vulnerability,"The vulnerability pertains to an External XML Entity (XXE) flaw in the provisioning web service of Ivanti Endpoint Manager (EPM). This issue can be exploited by remote unauthenticated attackers, leading to the potential exposure of sensitive API secrets. The vulnerability affects all versions of Ivanti EPM prior to the 2022 SU6 and the updated version from September 2024, highlighting the critical need for immediate remediation.",Ivanti,Epm,8.2,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-09-12T01:09:56.254Z,0
CVE-2024-32848,https://securityvulnerability.io/vulnerability/CVE-2024-32848,Ivanti EPM Remote Code Execution Vulnerability,"An SQL injection vulnerability has been identified in Ivanti Endpoint Manager (EPM), affecting versions prior to the 2022 SU6 and the September 2024 update. This vulnerability allows a remote authenticated attacker with administrative privileges to execute arbitrary code on the affected system, potentially compromising the integrity and confidentiality of the environment. Mitigation strategies are recommended to address this significant security concern.",Ivanti,Epm,7.2,HIGH,0.003759999992325902,false,false,false,false,,false,false,2024-09-12T01:09:56.249Z,0
CVE-2024-34785,https://securityvulnerability.io/vulnerability/CVE-2024-34785,Remote Code Execution Vulnerability in Ivanti EPM Before 2022 SU6 and 2024 September Update,"An unspecified vulnerability in Ivanti Endpoint Manager prior to the 2022 SU6 update and the September 2024 release can be exploited through SQL injection. This weakness allows a remote authenticated user with administrative privileges to execute arbitrary code on the affected system. Malicious actors can leverage this vulnerability to compromise the integrity and confidentiality of the system, highlighting the need for prompt updates and security measures.",Ivanti,Epm,7.2,HIGH,0.003759999992325902,false,false,false,false,,false,false,2024-09-12T01:09:56.248Z,0
CVE-2024-32843,https://securityvulnerability.io/vulnerability/CVE-2024-32843,Remote Code Execution Vulnerability in Ivanti EPM,"An unspecified SQL injection vulnerability exists within Ivanti Endpoint Manager versions prior to 2022 SU6 and the September 2024 update. This issue allows a remote authenticated attacker with administrative privileges to execute arbitrary code remotely, posing a significant risk to systems utilizing the affected products. Administrators are advised to apply the latest updates to mitigate potential exploitation of this vulnerability.",Ivanti,Epm,7.2,HIGH,0.003759999992325902,false,false,false,false,,false,false,2024-09-12T01:09:56.230Z,0
CVE-2024-32846,https://securityvulnerability.io/vulnerability/CVE-2024-32846,Ivanti EPM vulnerable to SQL Injection,"An unspecified SQL injection vulnerability discovered in Ivanti Endpoint Manager prior to the 2022 SU6 and the September 2024 updates poses a significant security risk. This flaw enables a remote authenticated attacker with administrative privileges to execute arbitrary code on the affected system, potentially compromising sensitive information and system integrity. Organizations utilizing vulnerable versions of Ivanti EPM should prioritize immediate updates to safeguard against potential exploitation.",Ivanti,Epm,7.2,HIGH,0.003759999992325902,false,false,false,false,,false,false,2024-09-12T01:09:56.175Z,0
CVE-2024-32845,https://securityvulnerability.io/vulnerability/CVE-2024-32845,"Ivanti EPM vulnerable to SQL injection, remote code execution","An SQL injection vulnerability exists in Ivanti Endpoint Manager, allowing remote authenticated attackers with administrative privileges to execute arbitrary code on affected systems. This flaw affects versions of the software prior to the 2022 SU6 release and the updates made in September 2024. Exploiting this vulnerability could enable unauthorized actions and potentially compromise the integrity of systems running the software.",Ivanti,Epm,7.2,HIGH,0.003759999992325902,false,false,false,false,,false,false,2024-09-12T01:09:56.175Z,0
CVE-2024-32842,https://securityvulnerability.io/vulnerability/CVE-2024-32842,Remote Code Execution Vulnerability in Ivanti EPM,"A vulnerability exists in Ivanti Endpoint Manager that allows an authenticated remote attacker with administrative privileges to exploit SQL injection flaws. This exploitation can lead to the execution of arbitrary code, potentially allowing the attacker to compromise the affected system. Organizations using Ivanti Endpoint Manager versions prior to 2022 SU6 and the September 2024 update should prioritize applying the available patches to mitigate this risk effectively. For more information and mitigation strategies, refer to the official security advisory.",Ivanti,Epm,7.2,HIGH,0.003759999992325902,false,false,false,false,,false,false,2024-09-12T01:09:56.173Z,0
CVE-2024-37381,https://securityvulnerability.io/vulnerability/CVE-2024-37381,Unauthorized Execution of Arbitrary Code via SQL Injection in Ivanti EPM 2024 Flat,"A vulnerability exists in the Core Server of Ivanti EPM 2024, characterized as an SQL Injection flaw. This issue allows authenticated users within the same network to manipulate SQL queries, potentially leading to the execution of arbitrary code. Attackers able to exploit this vulnerability could gain unauthorized access to sensitive data or execute malicious actions, thereby compromising the integrity and availability of the affected systems.",Ivanti,Epm,8.4,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-07-29T05:43:16.144Z,0
CVE-2024-29823,https://securityvulnerability.io/vulnerability/CVE-2024-29823,Unauthenticated SQL Injection Vulnerability Affects Ivanti EPM,"An unspecified SQL Injection vulnerability exists within the Core server of Ivanti EPM, specifically affecting version 2022 SU5 and earlier. This vulnerability allows an unauthenticated attacker on the same network to execute arbitrary code, posing significant risks to the security and integrity of the affected system. Proper network security measures are essential to mitigate potential exploitation.",Ivanti,Epm,8.8,HIGH,0.0011399999493733048,false,false,false,false,,false,false,2024-05-31T17:38:31.409Z,0
CVE-2024-29827,https://securityvulnerability.io/vulnerability/CVE-2024-29827,Unauthenticated SQL Injection Vulnerability Affects Ivanti EPM,"An unspecified SQL injection vulnerability exists in the Core server of Ivanti EPM versions 2022 SU5 and earlier. This flaw allows unauthenticated attackers within the same network environment to execute arbitrary code, potentially compromising the integrity and confidentiality of the affected system. Organizations using Ivanti EPM should assess their exposure to this vulnerability and take appropriate measures to protect their network.",Ivanti,Epm,8.8,HIGH,0.0011399999493733048,false,false,false,false,,false,false,2024-05-31T17:38:31.405Z,0
CVE-2024-29822,https://securityvulnerability.io/vulnerability/CVE-2024-29822,Unauthenticated SQL Injection Vulnerability Affects Ivanti EPM,"An SQL injection vulnerability affects the Core server component of Ivanti Endpoint Manager (EPM), allowing an unauthenticated attacker on the same network to execute arbitrary commands. This vulnerability exposes the affected versions to significant risks, where attackers may manipulate SQL queries to gain unauthorized access to sensitive system components and potentially execute harmful code. Organizations using affected versions are advised to assess their security posture and apply necessary mitigations to protect their environments.",Ivanti,Epm,8.8,HIGH,0.0011399999493733048,false,true,false,false,,false,false,2024-05-31T17:38:31.401Z,0