CVE-2024-8191

Summary

CVE-2024-8191 is a high-severity SQL injection vulnerability found in the management console of Ivanti Endpoint Manager (EPM) versions prior to the 2022 SU6 and the September 2024 update. This flaw allows remote unauthenticated attackers to execute arbitrary code, posing significant risks to the integrity, confidentiality, and availability of affected systems. The vulnerability has a CVSS base score of 7.8, indicating a high potential for exploitation with low complexity. Organizations using the affected versions should remediate this issue by updating their Ivanti EPM software to the latest version as recommended in the vendor's security advisory. Failure to address this vulnerability could lead to severe data breaches and system compromises.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.