Description
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Ivanti / Endpoint Manager2024 November Security Update – 2024 November Security Update
- Ivanti / Endpoint Manager2022 SU6 November Security Update – 2022 SU6 November Security Update