CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-34785

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.158

EPSS Ranking 94.3%

CVSS Severity

CVSS v3 Score 9.1

References

https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022

Products affected by CVE-2024-34785

Ivanti » Endpoint Manager » Version: 2016.4

cpe:2.3:a:ivanti:endpoint_manager:2016.4
Ivanti » Endpoint Manager » Version: 2017.1

cpe:2.3:a:ivanti:endpoint_manager:2017.1
Ivanti » Endpoint Manager » Version: 2017.3

cpe:2.3:a:ivanti:endpoint_manager:2017.3
Ivanti » Endpoint Manager » Version: 2018.1

cpe:2.3:a:ivanti:endpoint_manager:2018.1
Ivanti » Endpoint Manager » Version: 2018.3

cpe:2.3:a:ivanti:endpoint_manager:2018.3
Ivanti » Endpoint Manager » Version: 2019.1

cpe:2.3:a:ivanti:endpoint_manager:2019.1
Ivanti » Endpoint Manager » Version: 2020.1

cpe:2.3:a:ivanti:endpoint_manager:2020.1
Ivanti » Endpoint Manager » Version: 2020.1.1

cpe:2.3:a:ivanti:endpoint_manager:2020.1.1
Ivanti » Endpoint Manager » Version: 2021.1

cpe:2.3:a:ivanti:endpoint_manager:2021.1
Ivanti » Endpoint Manager » Version: 2021.1.1

cpe:2.3:a:ivanti:endpoint_manager:2021.1.1
Ivanti » Endpoint Manager » Version: 2022

cpe:2.3:a:ivanti:endpoint_manager:2022
Ivanti » Endpoint Manager » Version: 2024

cpe:2.3:a:ivanti:endpoint_manager:2024
Ivanti » Endpoint Manager » Version: 7.9.1.285

cpe:2.3:a:ivanti:endpoint_manager:7.9.1.285

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-34785

Products

Pricing

Contact Us