Multiple SQL injection vulnerabilities in Ivanti Endpoint Manager



| Updated: 2024-10-02
Risk Critical
Patch available YES
Number of vulnerabilities 10
CVE-ID CVE-2024-29846
CVE-2024-29830
CVE-2024-29829
CVE-2024-29828
CVE-2024-29827
CVE-2024-29826
CVE-2024-29825
CVE-2024-29824
CVE-2024-29823
CVE-2024-29822
CWE-ID CWE-89
Exploitation vector Network
Public exploit Vulnerability #8 is being exploited in the wild.
Vulnerable software
Endpoint Manager
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor Ivanti

Security Bulletin

This security bulletin contains information about 10 vulnerabilities.

1) SQL injection

EUVDB-ID: #VU89733

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29846

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote privileged user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Endpoint Manager: 2022 SU1 - 2022

CPE2.3 External links

http://forums.ivanti.com/s/article/Security-Advisory-May-2024?language=en_US
http://forums.ivanti.com/s/article/KB-Security-Advisory-EPM-May-2024?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-24-514/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) SQL injection

EUVDB-ID: #VU89732

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29830

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote privileged user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Endpoint Manager: 2022 SU1 - 2022

CPE2.3 External links

http://forums.ivanti.com/s/article/Security-Advisory-May-2024?language=en_US
http://forums.ivanti.com/s/article/KB-Security-Advisory-EPM-May-2024?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-24-513/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) SQL injection

EUVDB-ID: #VU89731

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29829

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote privileged user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Endpoint Manager: 2022 SU1 - 2022

CPE2.3 External links

http://forums.ivanti.com/s/article/Security-Advisory-May-2024?language=en_US
http://forums.ivanti.com/s/article/KB-Security-Advisory-EPM-May-2024?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-24-512/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) SQL injection

EUVDB-ID: #VU89730

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29828

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote privileged user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Endpoint Manager: 2022 SU1 - 2022

CPE2.3 External links

http://forums.ivanti.com/s/article/Security-Advisory-May-2024?language=en_US
http://forums.ivanti.com/s/article/KB-Security-Advisory-EPM-May-2024?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-24-511/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) SQL injection

EUVDB-ID: #VU89729

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29827

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Endpoint Manager: 2022 SU1 - 2022

CPE2.3 External links

http://forums.ivanti.com/s/article/Security-Advisory-May-2024?language=en_US
http://forums.ivanti.com/s/article/KB-Security-Advisory-EPM-May-2024?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-24-510/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) SQL injection

EUVDB-ID: #VU89728

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29826

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Endpoint Manager: 2022 SU1 - 2022

CPE2.3 External links

http://forums.ivanti.com/s/article/Security-Advisory-May-2024?language=en_US
http://forums.ivanti.com/s/article/KB-Security-Advisory-EPM-May-2024?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-24-509/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) SQL injection

EUVDB-ID: #VU89727

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29825

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Endpoint Manager: 2022 SU1 - 2022

CPE2.3 External links

http://forums.ivanti.com/s/article/Security-Advisory-May-2024?language=en_US
http://forums.ivanti.com/s/article/KB-Security-Advisory-EPM-May-2024?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-24-508/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) SQL injection

EUVDB-ID: #VU89726

Risk: Critical

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-29824

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Endpoint Manager: 2022 SU1 - 2022

CPE2.3 External links

http://forums.ivanti.com/s/article/Security-Advisory-May-2024?language=en_US
http://forums.ivanti.com/s/article/KB-Security-Advisory-EPM-May-2024?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-24-507/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

9) SQL injection

EUVDB-ID: #VU89725

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29823

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Endpoint Manager: 2022 SU1 - 2022

CPE2.3 External links

http://forums.ivanti.com/s/article/Security-Advisory-May-2024?language=en_US
http://forums.ivanti.com/s/article/KB-Security-Advisory-EPM-May-2024?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-24-506/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) SQL injection

EUVDB-ID: #VU89724

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29822

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Endpoint Manager: 2022 SU1 - 2022

CPE2.3 External links

http://forums.ivanti.com/s/article/Security-Advisory-May-2024?language=en_US
http://forums.ivanti.com/s/article/KB-Security-Advisory-EPM-May-2024?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-24-505/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###