CVE-2024-50326 | THREATINT

Description

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

PUBLISHED Reserved 2024-10-22 | Published 2024-11-12 | Updated 2024-11-19 | Assigner ivanti

HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status

affected

2024 November Security Update (custom)

unaffected

2022 SU6 November Security Update (custom)

unaffected

References

forums.ivanti.com/...November-2024-for-EPM-2024-and-EPM-2022

cve.org (CVE-2024-50326)

nvd.nist.gov (CVE-2024-50326)