{"uuid": "66553903-f96d-485e-b1f9-0f25e2695b51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "name": "Ivanti Security Advisory EPM November 2024 for EPM 2024 and EPM 2022 SU6", "description": "Ivanti has released updates for Ivanti Endpoint Manager that address high and critical severity vulnerabilities.\n\nIvanti is not aware of any customers being exploited by these vulnerabilities at the time of disclosure.\n\n[Security Advisory EPM November 2024 for EPM 2024 and EPM 2022 SU6](https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022?language=en_US)\n\nPrimary Product: Endpoint Manager\n\nCreated Date: 12 Nov 2024 15:00:14\n\nLast Modified Date: 12 Nov 2024 21:33:24\n\n**Summary**\n\nIvanti has released updates for Ivanti Endpoint Manager that address high and critical severity vulnerabilities.\n\nWe are not aware of any customers being exploited by these vulnerabilities at the time of disclosure.\n\n**Vulnerability Details:**\n\n| CVE Number | Description | CVSS Score (Severity) | CVSS Vector | CWE |\n| --- | --- | --- | --- | --- |\n| CVE-2024-34787 | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | 7.8 (High) | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CWE-22 |\n| CVE-2024-50322 | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | 7.8 (High) | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CWE-22 |\n| CVE-2024-32839 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 (High) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | CWE-89 |\n| CVE-2024-32841 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 (High) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | CWE-89 |\n| CVE-2024-32844 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 (High) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | CWE-89 |\n| CVE-2024-32847 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 (High) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | CWE-89 |\n| CVE-2024-34780 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 (High) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | CWE-89 |\n| CVE-2024-37376 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 (High) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | CWE-89 |\n| CVE-2024-34781 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 (High) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | CWE-89 |\n| CVE-2024-34782 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 (High) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | CWE-89 |\n| CVE-2024-34784 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 (High) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | CWE-89 |\n| CVE-2024-50323 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | 7.8 (High) | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CWE-89 |\n| CVE-2024-50324 | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 (High) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | CWE-22 |\n| CVE-2024-50326 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 (High) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | CWE-89 |\n| CVE-2024-50327 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 (High) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | CWE-89 |\n| CVE-2024-50328 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 7.2 (High) | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | CWE-89 |\n| CVE-2024-50329 | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. | 8.8 (High) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CWE-22 |\n| CVE-2024-50330 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. | 9.8 (Critical) | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-89 |\n\n**Affected Versions**\n\n| Product Name | Affected Version(s) | Resolved Version(s) | Patch Availability |\n| --- | --- | --- | --- |\n| Ivanti Endpoint Manager (EPM) | 2024 September security update and prior, 2022 SU6 September security update and prior | 2024 November Security Update, 2022 SU6 November Security Update | |", "creation_timestamp": "2024-11-13T09:12:33.737749+00:00", "timestamp": "2024-11-13T09:13:31.377434+00:00", "related_vulnerabilities": ["CVE-2024-50323", "CVE-2024-34787", "CVE-2024-32844", "CVE-2024-50324", "CVE-2024-34780", "CVE-2024-50326", "CVE-2024-50328", "CVE-2024-32847", "CVE-2024-50329", "CVE-2024-50330", "CVE-2024-34781", "CVE-2024-34784", "CVE-2024-34782", "CVE-2024-32839", "CVE-2024-50327", "CVE-2024-32841", "CVE-2024-50322", "CVE-2024-37376"], "author": {"login": "sync_user", "name": "sync_user", "uuid": "4f29edb9-4c4b-44ca-b041-9b050656b6ae"}}
