CVE-2024-37376

CVSS 3.0 Score 7.2 of 10 (high)

Details

Published Nov 13, 2024

CWE ID 89

Summary

CVE-2024-37376 is a newly disclosed SQL injection vulnerability in Ivanti Endpoint Manager. This issue, affecting versions prior to the November 2024 Security Update and 2022 SU6 November Security Update, permits a remote, authenticated attacker with administrative privileges to execute arbitrary code. By manipulating SQL queries, the assailant can bypass security measures and gain unauthorized access to the system, potentially leading to serious data breaches or system compromises. It is essential for organizations using Ivanti Endpoint Manager to apply the available security updates promptly to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Ivanti Endpoint Manager

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Predator Still Active, with New Client and Corporate Links Identified

Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents

Know What Matters

For Customers

For Partners