从这个网页截图中,可以获取到以下关于漏洞的关键信息: 1. 漏洞编号和描述: - CVE-2024-34787: Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. - CVE-2024-50322: Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. - CVE-2024-32839: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-32841: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-32844: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-32847: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-37376: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-34781: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-34782: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-50323: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-50326: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-50327: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-50328: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. - CVE-2024-50329: SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker to achieve remote code execution. 2. 受影响的版本: - Ivanti Endpoint Manager (EPM):2024 September security update and prior, 2022 SU6 September security update and prior. - EPM 2024:2024 November Security Update. - EPM 2022 SU6:2022 SU6 November Security Update. 3. 解决方案: - 用户需要应用热补丁以修复这些漏洞。 4. 漏洞细节: - 漏洞类型包括路径遍历和SQL注入。 - 漏洞影响的组件包括 Ivanti Endpoint Manager 的不同版本。 5. 漏洞评分: - 大多数漏洞的CVSS评分在7.2到8.8之间,表明它们是高风险的。 6. 漏洞影响: - 这些漏洞允许未经授权的攻击者执行代码,影响了 Ivanti Endpoint Manager 的安全性。 这些信息可以帮助用户了解漏洞的严重性、受影响的组件和解决方案。