CVE-2024-50326
published 2024-11-12CVE-2024-50326: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with…
PriorityP258high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
25.81%
97.7th percentile
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | endpoint_manager | < 2022 | 2022 |
| ivanti | endpoint_manager | — | — |
| ivanti | endpoint_manager | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability class is SQL injection (CWE-89) in Ivanti Endpoint Manager; monitor for anomalous or malformed SQL query patterns in EPM database logs originating from authenticated admin sessions ↗
- →Successful exploitation leads to remote code execution; monitor for unexpected process spawning from Ivanti EPM service processes (e.g., child processes of the EPM application server) ↗
- ·Exploitation requires the attacker to be a remote authenticated user with admin privileges; unauthenticated or low-privileged users cannot directly trigger this vulnerability ↗
- ·Affected versions are Ivanti Endpoint Manager before the 2024 November Security Update or before 2022 SU6 November Security Update; patched instances are not vulnerable ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ivanti
Ivanti Security Advisory: CVE-2024-50326
vendor_ivanti·2024-11-12·CVSS 7.2
CVE-2024-50326 [HIGH] CWE-89 Ivanti Security Advisory: CVE-2024-50326
Ivanti Security Advisory: CVE-2024-50326
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE IDs: CVE-2024-50326
CVSS Base Score: 7.2
Severity: HIGH
CWEs: CWE-89
GHSA
GHSA-r5rh-8593-84qf: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attac
ghsa_unreviewed·2024-11-12
CVE-2024-50326 [HIGH] CWE-89 GHSA-r5rh-8593-84qf: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attac
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-11-12
Published