CISA has added the vulnerability to its Identified Exploited Vulnerability (KEV) Catalogue.
EPM raked with RCE flaws
The 2022 and prior releases of Ivanti’s EPM, out there to clients below the label service replace 5 (SU5), had been marred with a clutch of important RCE bugs, together with CVE-2024-29824, all receiving a severity ranking of CVSS 9.6 out of 10.
The answer, which permits organizations to handle, safe, and automate the upkeep of their gadgets, together with desktops, laptops, servers, and cell gadgets, inside an IT surroundings, was reportedly affected by a flaw that allowed a string of malicious SQL queries to be executed on the underlying databases.
