cbcvebase.
CVE-2024-29826
published 2024-05-31

CVE-2024-29826: An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to…

PriorityP272high8.8CVSS 3.1
AVAACLPRNUINSUCHIHAH
EPSS
99.88%
100.0th percentile
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

Affected

3 ranges
VendorProductVersion rangeFixed in
ivantiendpoint_manager< 20222022
ivantiendpoint_manager
ivantiepm2022 SU5 – 2022 SU5

Detection & IOCsextracted from sources · hover to see the quote

  • Target product is Ivanti EPM (Endpoint Manager) Core server, versions 2022 SU5 and prior — monitor for anomalous or unauthenticated SQL-related traffic directed at the Core server from within the same network segment
  • Attack vector is adjacent network (same network), unauthenticated — prioritize detection of lateral movement or rogue internal hosts sending unexpected requests to the Ivanti EPM Core server
  • ·The SQL Injection vulnerability is described as 'unspecified' — no specific endpoint, parameter, or payload details are publicly disclosed in the available sources, limiting precise signature-based detection
  • ·CVSS score of 8.8 (HIGH) with CWE-89 (SQL Injection) — exploitation leads to arbitrary code execution, but the specific vulnerable component/API within the Core server is not identified in available documentation

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.09.6CRITICALCVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.