cbcvebase.
CVE-2024-13162
published 2025-01-14


Priority: P2 · 63 · high
CVSS 3.1 base score: 7.2
CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 64.18% (99.1th percentile)
SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848.

Affected (3 ranges)

Vendor   Product           Version range   Fixed in
ivanti   endpoint_manager  < 2022          2022
ivanti   endpoint_manager  (not given)     (not given)
ivanti   endpoint_manager  (not given)     (not given)

Detection & IOCs (extracted from sources)

  • Vulnerability class is SQL injection (CWE-89) in Ivanti EPM, exploitable by a remote authenticated attacker with admin privileges to achieve remote code execution
  • This CVE is a follow-up to a partial/incomplete fix; correlate detections with CVE-2024-32848 exploitation patterns, as the same attack surface is targeted
  • Affected products: Ivanti EPM versions prior to 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update; monitor for exploitation attempts against these unpatched versions
  • Exploitation requires the attacker to be authenticated with admin privileges; detections should account for this pre-condition and focus on anomalous SQL activity from admin-level sessions
  • CVSS base score is 7.2 (HIGH); despite the admin privilege requirement, the RCE outcome warrants high-priority patching and monitoring