8.8
CVE-2024-8322
- EPSS 1.56%
- Veröffentlicht 10.09.2024 21:15:15
- Zuletzt bearbeitet 12.09.2024 21:56:43
- Quelle 3c1d8aa1-5a33-4ea4-8992-aadd64
- CVE-Watchlists
- Unerledigt
LoginWeak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ivanti ≫ Endpoint Manager Version < 2022
Ivanti ≫ Endpoint Manager Version2022 Update-
Ivanti ≫ Endpoint Manager Version2022 Updatesu1
Ivanti ≫ Endpoint Manager Version2022 Updatesu2
Ivanti ≫ Endpoint Manager Version2022 Updatesu3
Ivanti ≫ Endpoint Manager Version2022 Updatesu4
Ivanti ≫ Endpoint Manager Version2022 Updatesu5
Ivanti ≫ Endpoint Manager Version2024 Update-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.56% | 0.81 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-1390 Weak Authentication
The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.