CVE-2024-32841
CVSS 3.0 Score 7.2 of 10 (high)
Details
Published Nov 13, 2024
CWE ID 89
Summary
CVE-2024-32841 is a newly disclosed SQL injection vulnerability affecting Ivanti Endpoint Manager. This issue, unfixed in versions prior to November 2024 Security Update and 2022 SU6, enables remote authenticated attackers with administrative privileges to execute arbitrary code. Successful exploitation could lead to significant security implications, including unauthorized access, data theft, or system compromise. Ivanti strongly recommends users apply the latest security updates as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Ivanti Endpoint Manager