Ivanti Product Security Update Advisory

Overview

 

Ivanti has announced an update to address vulnerabilities in their EPM product. Users of the affected version are advised to update to the latest version.

 

Affected Products

 

Ivanti EPM 2022 SU5 or below

 

Resolved Vulnerabilities

 

Remote code execution vulnerability via SQL Injection in Ivanti Endpoint Manager RecordGoodApp (CVE-2024-29824)

 

Vulnerability Patches

 

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites[4] to update to the latest Vulnerability Patches version.

 

Referenced Sites

 

[1] CVE-2024-29824 Deep Dive: Ivanti EPM SQL Injection Remote Code Execution Vulnerability

https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

[2] Ivanti Endpoint Manager RecordGoodApp SQL Injection Remote Code Execution Vulnerability

https://www.zerodayinitiative.com/advisories/ZDI-24-507/

[3] Security Advisory May 2024

https://forums.ivanti.com/s/article/Security-Advisory-May-2024?language=en_US

[4] KB Security Advisory EPM May 2024

https://forums.ivanti.com/s/article/KB-Security-Advisory-EPM-May-2024?language=en_US