Critical Ivanti RCE bug exploited in the wild despite available patches

CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

EPM is plagued with RCE flaws

The 2022 and earlier releases of Ivanti's Endpoint Manager (EPM), available to customers under the Service Update 5 (SU5) label, are affected by a cluster of critical RCE bugs, including CVE-2024-29824, all of which carry a CVSS severity rating of 9.6 out of 10.

EPM, which allows organizations to manage, secure, and automate the maintenance of devices in their IT environment, including desktops, laptops, servers, and mobile devices, has reportedly been affected by a bug that allowed a series of malicious SQL queries to be executed on the underlying database.

