Cyber Security

Ivanti Endpoint Manager SQL Injection Flaw Let Attackers Execute Arbitrary Code

Multiple vulnerabilities involving SQL injection have been identified in Ivanti Endpoint Manager.

These vulnerabilities could potentially enable malicious actors to carry out various unauthorized actions, including initiating Denial of Service attacks and executing arbitrary code on affected systems.

One of the vulnerabilities found was a SQL injection vulnerability in Ivanti Neurons for ITSM, while the rest were discovered in the Ivanti Endpoint Manager (EPM).

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

The severity of these vulnerabilities ranges from 8.4 (High) to 9.6 (Critical).

Vulnerability Analysis – SQL Injections

According to the advisory, there were 11 SQL injection vulnerabilities identified, which were given the CVEs as 

  • CVE-2024-22059 – 9.6 (Critical)
  • CVE-2024-29822 – 9.6 (Critical)
  • CVE-2024-29823 – 9.6 (Critical)
  • CVE-2024-29824 – 9.6 (Critical)
  • CVE-2024-29825 – 9.6 (Critical)
  • CVE-2024-29826 – 9.6 (Critical)
  • CVE-2024-29827 – 8.4 (High)
  • CVE-2024-29828 – 8.4 (High)
  • CVE-2024-29829 – 8.4 (High)
  • CVE-2024-29830 – 8.4 (High) and
  • CVE-2024-29846 – 8.4 (High)

Among these SQL injection vulnerabilities, six had a 9.6 (Critical) severity.

These vulnerabilities were due to an unspecified SQL injection flaw in the Core server of Ivanti EPM 2022 SU5 and prior versions, which allows an unauthenticated attacker on the same network to execute arbitrary code on the vulnerable instances.

The other five vulnerabilities had an 8.4 (High) severity, which also existed due to a similar unspecified SQL injection flaw but require an authentication that could enable an authenticated attacker on the same network to execute arbitrary code on the vulnerable instance.

However, Users of Ivanti Endpoint Manager are recommended to upgrade to the latest versions to prevent threat actors from exploiting these SQL injection vulnerabilities.

ANYRUN malware sandbox’s 8th Birthday Special Offer: Grab 6 Months of Free Service
Eswar

Eswar is a Cyber security reporter with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is reporting data breach, Privacy and APT Threats.

Share
Published by
Eswar
Tags: cyber securitysql injectionVulnerability Management
1 year ago

Recent Posts

Threat Actor Allegedly Selling FortiGate API Exploit Tool Targeting FortiOS

A threat actor has reportedly put up for sale a sophisticated FortiGate API exploit tool…

9 hours ago

Critical OpenVPN Driver Vulnerability Allows Attackers to Crash Windows Systems

Summary 1. A critical OpenVPN Windows driver flaw (CVE-2025-50054) allowed local attackers to crash systems.…

18 hours ago

DuckDuckGo Rolls Out New Scam Blocker to Protect Users from Online Threats

DuckDuckGo has significantly upgraded its Scam Blocker feature to protect users against a broader range…

21 hours ago

How Smart Timesheet Software Is Changing the Way of Work

As an employee have been managing projects in remote, hybrid, and traditional work environments, employees…

22 hours ago

Microsoft Warns of OneDrive Bug that Causes Searches to Appear Blank

Summary 1. A OneDrive bug is causing some users' search results to appear blank, though…

1 day ago

Microsoft Announces New Security Defaults for Windows 365 Cloud PCs

Summary 1. Redirection controls disable clipboard, drive, USB, and printer access by default to prevent…

1 day ago