October 3, 2024 at 05:25PM The Cybersecurity and Infrastructure Security Agency has added CVE-2024-29824, an SQL Injection vulnerability in Ivanti Endpoint Manager, to its Known Exploited Vulnerabilities Catalog. Rated critical with a CVSS score of 9.6, this flaw was exploited in the wild, prompting Ivanti to release security updates in May. Organizations are cautioned to … Read more
October 3, 2024 at 02:33AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824, allows for remote code execution and is actively targeted by threat actors. Federal agencies are … Read more
October 2, 2024 at 02:58PM CISA warned of an actively exploited critical Ivanti vulnerability, allowing remote code execution on vulnerable EPM appliances. Tracked as CVE-2024-29824, the SQL Injection flaw affects unpatched systems. Ivanti released security updates in May but confirmed ongoing exploitation. Federal agencies are required to patch within three weeks. Prioritize patching to block … Read more
June 13, 2024 at 03:40PM Researchers developed a proof-of-concept exploit for an SQL injection bug, CVE-2024-29824, in Ivanti Endpoint Manager. The bug allows unauthenticated attackers to execute code remotely, posing a significant threat. Ivanti responded promptly, releasing a patch within six weeks. Organizations are advised to implement the patch and restrict access to the management … Read more