ZDI-24-1501: Ivanti Endpoint Manager EFile Directory Traversal Remote Code Execution Vulnerability

Read Time:21 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alternatively, no user interaction is required if the attacker has administrative credentials to the application. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-34787.

Read More

ZDI-24-1503: Ivanti Endpoint Manager OnSaveToDB Directory Traversal Remote Code Execution Vulnerability

Read Time:21 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alternatively, no user interaction is required if the attacker has administrative credentials to the application. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-50322.

Read More

ZDI-24-1504: Ivanti Endpoint Manager TestAllowedSQL SQL Injection Remote Code Execution Vulnerability

Read Time:21 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alternatively, no user interaction is required if the attacker has administrative credentials to the application. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-50323.

Read More