Skip to main content

A high severity vulnerability could allow an attacker to execute arbitary code via SQL Injection on an affected system

Threat ID:CC-4524
Threat Severity:Medium
Published:17 July 2024 2:10 PM

Summary

A high severity vulnerability could allow an attacker to execute arbitary code via SQL Injection on an affected system

Affected platforms

The following platforms are known to be affected:

Versions: 2024
Ivanti Endpoint Manager

Threat details

Introduction

Ivanti has released a security advisory to address a high severity vulnerability affecting Ivanti Endpoint Manager (EPM). Ivanti EPM is an all-in-one solution for managing devices endpoints within a network.

The vulnerability CVE-2024-37381 has a CVSSv3 score of 8.4 and could allow an authenticated attacker within the same network to execute arbitrary code via SQL injection

Remediation advice

Affected organisations are encouraged to review the Ivanti Security Advisory EPM July 2024 for EPM 2024 and apply the relevant update.

Definitive source of threat updates

CVE Vulnerabilities

StatusReserved
CVE-2024-37381

Last edited: 17 July 2024 2:10 pm

Back to top