8.8
CVE-2024-8322
- EPSS 1.08%
- Veröffentlicht 10.09.2024 21:15:15
- Zuletzt bearbeitet 12.09.2024 21:56:43
- Quelle 3c1d8aa1-5a33-4ea4-8992-aadd64
- CVE-Watchlists
- Unerledigt
Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ivanti ≫ Endpoint Manager Version < 2022
Ivanti ≫ Endpoint Manager Version2022 Update-
Ivanti ≫ Endpoint Manager Version2022 Updatesu1
Ivanti ≫ Endpoint Manager Version2022 Updatesu2
Ivanti ≫ Endpoint Manager Version2022 Updatesu3
Ivanti ≫ Endpoint Manager Version2022 Updatesu4
Ivanti ≫ Endpoint Manager Version2022 Updatesu5
Ivanti ≫ Endpoint Manager Version2024 Update-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.08% | 0.608 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-1390 Weak Authentication
The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.
https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022