CVE-2024-13162
CVSS 3.1 Score 7.2 of 10 (high)
Details
Published Jan 14, 2025
CWE ID 89
Summary
CVE-2024-13162 is a newly identified SQL injection vulnerability affecting Ivanti Environmental Policy Manager (EPM) versions prior to the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update. An authenticated attacker with administrative privileges can exploit this vulnerability to execute remote code. This issue stems from incomplete fixes related to a previously reported vulnerability, CVE-2024-32848. Ivanti urges users to apply the latest security updates as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share