CVE-2024-50326
published 2024-11-12


Priority: P258 · Severity: high · CVSS 3.1 score: 7.2
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 25.81% (97.7th percentile)
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| ivanti | endpoint_manager | < 2022 | 2022 |
| ivanti | endpoint_manager | | |
| ivanti | endpoint_manager | | |

Detection & IOCs (extracted from sources)

  • Vulnerability class is SQL injection (CWE-89) in Ivanti Endpoint Manager; monitor for anomalous or malformed SQL query patterns in EPM database logs originating from authenticated admin sessions
  • Successful exploitation leads to remote code execution; monitor for unexpected process spawning from Ivanti EPM service processes (e.g., child processes of the EPM application server)
  • Exploitation requires the attacker to be a remote authenticated user with admin privileges; unauthenticated or low-privileged users cannot directly trigger this vulnerability
  • Affected versions are Ivanti Endpoint Manager before the 2024 November Security Update or before 2022 SU6 November Security Update; patched instances are not vulnerable