Ivanti Releases Security Update for Vulnerability Affecting Endpoint Manager

A high severity vulnerability could allow an attacker to execute arbitary code via SQL Injection on an affected system

Threat ID:: CC-4524
Threat Severity:: Medium
Published:: 17 July 2024 2:10 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

A high severity vulnerability could allow an attacker to execute arbitary code via SQL Injection on an affected system

Affected platforms

The following platforms are known to be affected:

Versions: 2024

Ivanti Endpoint Manager

Threat details

Introduction

Ivanti has released a security advisory to address a high severity vulnerability affecting Ivanti Endpoint Manager (EPM). Ivanti EPM is an all-in-one solution for managing devices endpoints within a network.

The vulnerability CVE-2024-37381 has a CVSSv3 score of 8.4 and could allow an authenticated attacker within the same network to execute arbitrary code via SQL injection.

Remediation advice

Affected organisations are encouraged to review the Ivanti Security Advisory EPM July 2024 for EPM 2024 and apply the relevant update.

Definitive source of threat updates

https://forums.ivanti.com/s/article/Security-Advisory-EPM-July-2024-for-EPM-2024?language=en_US

CVE Vulnerabilities

Status Reserved

CVE-2024-37381

Last edited: 17 July 2024 2:10 pm