Description
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
References (1)
Core 1
Core References
Vendor Advisory
https://forums.ivanti.com/s/article/Security-Advisory-May-2024
Scores
CVSS v3
8.8
EPSS
0.0238
EPSS Percentile
85.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (2)
ivanti/endpoint_manager
2022 (6 CPE variants)
ivanti/endpoint_manager
< 2022
Published
May 31, 2024
Tracked Since
Feb 18, 2026