Ivanti Fixes Several vulnerabilities Affecting Endpoint Manager (EPM)
Ivanti Endpoint Manager consists of a wide variety of powerful and easy-to-use tools that allaAll clients, devices and user profiles can be managed in one location with the Ivanti Endpoint Manager. The application is compatible with Linux, Windows, macOS, and IoT. By utilizing cutting-edge discovery and inventory technology, it offers a wealth of information regarding both managed and unmanaged devices.
Critical and high-security vulnerabilities are assigned to the vulnerabilities.
An attacker with access to the internal network can run any SQL query and obtain output without requiring authentication if the vulnerability is successful. The attacker may then be able to take control of the devices that the EPM agent is running on. RCE on the core server may result from the core server being set up to use SQL Express.
Vulnerabilities
| CVE | Description | CVSS | Vector |
| CVE-2024-29822 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | 9.6 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| CVE-2024-29823 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | 9.6 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| CVE-2024-29824 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | 9.6 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| CVE-2024-29825 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | 9.6 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| CVE-2024-29826 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | 9.6 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| CVE-2024-29827 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | 9.6 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| CVE-2024-29828 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | 8.4 | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2024-29829 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | 8.4 | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2024-29830 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | 8.4 | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2024-29846 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | 8.4 | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
These unidentified SQL Injection vulnerabilities affect Ivanti EPM 2022 SU5 and earlier versions of Core servers. An unauthorized attacker on the same network may be able to run any code through these vulnerabilities:
CVE-2024-29822
CVE-2024-29823
CVE-2024-29824
CVE-2024-29825
CVE-2024-29826
CVE-2024-29827
Ivanti EPM 2022 SU5 and earlier versions of the Core server are vulnerable to these unidentified SQL Injection vulnerabilities. Any code could be executed by an authenticated attacker on the same network through these vulnerabilities:
CVE-2024-29828
CVE-2024-29829
CVE-2024-29830
CVE-2024-29846
Mitigation
| Algo | Hash | File |
| SHA256 | 52692068188BA8ABB579E3CB28746382 07FBC5C4F3E764E5F4BD3B48DD771A9F |
LANDesk.AlertManager.Business.dll |
| SHA256 | C3378FCD23792161F301A9FEFA1F94B6 96243983C6CEF58148652BAEFCE288CA |
LANDesk.AlertManager.Data.dll |
| SHA256 | 8CD9F17EEABA469A768D5D1D48D7EC9B B7DB6439004B05A34B236B0280C76670 |
PatchApi.dll |
| SHA256 | FB88A58E967C504C4A0A07672627D95A A7374C468D9B636E4696A4D418D2A0AD |
PatchBiz.dll |