CVE-2024-8322 – Securitricks

216.73.216.6

CVE-2024-8322

· Published 10/09/2024 21:15 · Modified 12/09/2024 21:56

Labels: CVE-2024-8322 2024-09-10 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 CVE-2024-8322 CWE-1390 NVD-CWE-Other

Essential information

Published: 10/09/2024 21:15
Modified: 12/09/2024 21:56
Author: —
Creator: —
CVSS: 8.8 HIGH (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.

NVD status

Status: Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD: View on NVD

Affected products (CPE)

Product	CPE
ivanti / endpoint manager	`cpe:2.3:a:ivanti:endpoint_manager::::::::`
ivanti / endpoint manager	`cpe:2.3:a:ivanti:endpoint_manager:2022:-::::::`
ivanti / endpoint manager	`cpe:2.3:a:ivanti:endpoint_manager:2022:su1::::::`
ivanti / endpoint manager	`cpe:2.3:a:ivanti:endpoint_manager:2022:su2::::::`
ivanti / endpoint manager	`cpe:2.3:a:ivanti:endpoint_manager:2022:su3::::::`
ivanti / endpoint manager	`cpe:2.3:a:ivanti:endpoint_manager:2022:su4::::::`
ivanti / endpoint manager	`cpe:2.3:a:ivanti:endpoint_manager:2022:su5::::::`
ivanti / endpoint manager	`cpe:2.3:a:ivanti:endpoint_manager:2024:-::::::`

References