Ivanti Endpoint Manager 多漏洞通报 (CVE-2024-34787/SQL注入)

从这个网页截图中，可以获取到以下关于漏洞的关键信息： 1. 漏洞编号和描述： - CVE-2024-34787: Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. - CVE-2024-50322: Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. - CVE-2024-32839: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-32841: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-32844: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-32847: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-37376: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-34781: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-34782: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-50323: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-50326: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-50327: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-50328: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-50329: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker to achieve remote code execution. 2. 受影响的版本： - Ivanti Endpoint Manager (EPM)：2024 September security update and prior, 2022 SU6 September security update and prior. - EPM 2024：2024 November Security Update. - EPM 2022 SU6：2022 SU6 November Security Update. 3. 解决方案： - 用户需要应用热补丁以修复这些漏洞。 4. 漏洞细节： - 漏洞类型包括路径遍历和SQL注入。 - 漏洞影响的组件包括 Ivanti Endpoint Manager 的不同版本。 5. 漏洞评分： - 大多数漏洞的CVSS评分在7.2到8.8之间，表明它们是高风险的。 6. 漏洞影响： - 这些漏洞允许未经授权的攻击者执行代码，影响了 Ivanti Endpoint Manager 的安全性。 这些信息可以帮助用户了解漏洞的严重性、受影响的组件和解决方案。

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

Ivanti Endpoint Manager 多漏洞通报 (CVE-2024-34787/SQL注入)

目标达成感谢每一位支持者 — 我们达成了 100% 目标！