Ivanti has released a hotfix to address an SQL injection vulnerability in Endpoint Manager (EPM) 2024 flat.
July 18, 2024 By Ionut Arghire
Ivanti this week announced patches for multiple high-severity vulnerabilities in Endpoint Manager and Endpoint Manager for Mobile, including a hotfix for an SQL injection flaw.
Tracked as CVE-2024-37381 (CVSS score of 8.4) and impacting the Core server of Endpoint Manager (EPM) 2024 flat, the SQL injection could be exploited by authenticated attackers with network access to achieve arbitrary code execution.
The hot patch released this week is supported for EPM 2024 flat only, but Ivanti intends to release security updates that fully address the vulnerability.
Ivanti says it is not aware of this vulnerability being exploited in the wild against its customers.