CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-13162

SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.069

EPSS Ranking 91.0%

CVSS Severity

CVSS v3 Score 7.2

References

https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6

Products affected by CVE-2024-13162

Ivanti » Endpoint Manager » Version: 2016.4

cpe:2.3:a:ivanti:endpoint_manager:2016.4
Ivanti » Endpoint Manager » Version: 2017.1

cpe:2.3:a:ivanti:endpoint_manager:2017.1
Ivanti » Endpoint Manager » Version: 2017.3

cpe:2.3:a:ivanti:endpoint_manager:2017.3
Ivanti » Endpoint Manager » Version: 2018.1

cpe:2.3:a:ivanti:endpoint_manager:2018.1
Ivanti » Endpoint Manager » Version: 2018.3

cpe:2.3:a:ivanti:endpoint_manager:2018.3
Ivanti » Endpoint Manager » Version: 2019.1

cpe:2.3:a:ivanti:endpoint_manager:2019.1
Ivanti » Endpoint Manager » Version: 2020.1

cpe:2.3:a:ivanti:endpoint_manager:2020.1
Ivanti » Endpoint Manager » Version: 2020.1.1

cpe:2.3:a:ivanti:endpoint_manager:2020.1.1
Ivanti » Endpoint Manager » Version: 2021.1

cpe:2.3:a:ivanti:endpoint_manager:2021.1
Ivanti » Endpoint Manager » Version: 2021.1.1

cpe:2.3:a:ivanti:endpoint_manager:2021.1.1
Ivanti » Endpoint Manager » Version: 2022

cpe:2.3:a:ivanti:endpoint_manager:2022
Ivanti » Endpoint Manager » Version: 2024

cpe:2.3:a:ivanti:endpoint_manager:2024
Ivanti » Endpoint Manager » Version: 7.9.1.285

cpe:2.3:a:ivanti:endpoint_manager:7.9.1.285

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-13162

Products

Pricing

Contact Us