CVE-2024-29824

CVE Database · CVE-2024-29824

CVE-2024-29824

· HIGHAnalyzed

CVSS v3.1

8.8

EPSS

99.95%

Published

May 31, 2024

Modified

Oct 30, 2025

CISA Known Exploited Vulnerability

Added: 2024-10-02 · Due: 2024-10-23

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (4)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index GitHub PoChorizon3ai/CVE-2024-29824★25 GitHub PoCR4be1/CVE-2024-29824★1

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-89CWE-89

Affected Products (7)

ivanti · endpoint_manager (up to 2022)vulnerable

ivanti · endpoint_managervulnerable

References (3)

https://forums.ivanti.com/s/article/Security-Advisory-May-2024

Vendor Advisory

https://forums.ivanti.com/s/article/Security-Advisory-May-2024

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-29824

US Government Resource

KEV Catalog EPSS Scores Vendors All CVEs