In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between May 31-01, 2024.
During this period, the National Vulnerability Database published 81 vulnerabilities, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 8
High: 20
Medium: 14
Low: 1
Severity Not Assigned: 38
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-5345
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.0 via the layout parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The inclusion is limited to PHP files.
References: https://plugins.trac.wordpress.org/browser/responsive-owl-carousel-elementor/trunk/includes/widgets/owl-carousel.php#L669
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3092511%40responsive-owl-carousel-elementor%2Ftrunk&old=3092226%40responsive-owl-carousel-elementor%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/0638c8f3-070a-4b42-ba58-396f3f259b9d?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-2793
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References: https://plugins.trac.wordpress.org/browser/atarim-visual-collaboration/trunk/inc/wpf_ajax_functions.php#L1923
https://plugins.trac.wordpress.org/browser/atarim-visual-collaboration/trunk/inc/wpf_ajax_functions.php#L505
https://plugins.trac.wordpress.org/browser/atarim-visual-collaboration/trunk/inc/wpf_ajax_functions.php#L666
https://plugins.trac.wordpress.org/changeset/3094260/
https://plugins.trac.wordpress.org/changeset/3094999/
https://www.wordfence.com/threat-intel/vulnerabilities/id/9bd63003-d1d6-480a-8df7-878bcc89f1ee?source=cve
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-5523
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: SQL injection vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability could allow an authenticated local user to send a specially crafted SQL query to the 'searchString' parameter and retrieve all information stored in the database.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-astrotalks
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-5525
Base Score: 8.3
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.5
Description: Improper privilege management vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows a local user to access the application as an administrator without any provided credentials, allowing the attacker to perform administrative actions.
References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-astrotalks
CWE-ID: CWE-269
Common Platform Enumerations (CPE): Not Found
5. CVE-2024-23692
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.
References: https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/
https://vulncheck.com/advisories/rejetto-unauth-rce
CWE-ID: CWE-1336
Common Platform Enumerations (CPE): Not Found
6. CVE-2024-36108
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: casgate is an Open Source Identity and Access Management system. In affected versions `casgate` allows a remote unauthenticated attacker to obtain sensitive information via a GET request to an API endpoint. This issue has been addressed in PR #201 which is pending merge. An attacker could use the `id` parameter of GET requests with value `anonymous/ anonymous` to bypass authorization on certain API endpoints. Successful exploitation of the vulnerability could lead to account takeover, privilege escalation or provide the attacker with credentials to other services. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References: https://github.com/casgate/casgate/pull/201
https://github.com/casgate/casgate/security/advisories/GHSA-mj5q-rc67-h56c
CWE-ID: CWE-285
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-5565
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: The Vanna library uses a prompt function to present the user with visualized results; it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically, allowing external input to the library's "ask" method with "visualize" set to True (default behavior) leads to remote code execution.
References: https://research.jfrog.com/vulnerabilities/vanna-prompt-injection-rce-jfsa-2024-001034449/
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
8. CVE-2024-35140
Base Score: 7.7
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.2
Description: IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. IBM X-Force ID: 292416.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/292416
https://www.ibm.com/support/pages/node/7155356
CWE-ID: CWE-295
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-35142
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 2.5
Impact Score: 5.9
Description: IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. IBM X-Force ID: 292418.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/292418
https://www.ibm.com/support/pages/node/7155356
CWE-ID: CWE-250
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-36120
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 6.0
Description: javascript-deobfuscator removes common JavaScript obfuscation techniques. In affected versions crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0. Users are advised to update. Users unable to upgrade should disable the expression simplification feature.
References: https://github.com/ben-sb/javascript-deobfuscator/commit/630d3caec83d5f31c5f7a07e6fadf613d06699d6
https://github.com/ben-sb/javascript-deobfuscator/security/advisories/GHSA-9p6p-8v9r-8c9m
CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found
11. CVE-2023-38042
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM.
References: https://forums.ivanti.com/s/article/Security-Advisory-May-2024?language=en_US
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-38551
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 5.3
Description: A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack.
References: https://forums.ivanti.com/s/article/Security-Advisory-May-2024
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-46810
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 1.3
Impact Score: 5.9
Description: A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root.
References: https://forums.ivanti.com/s/article/Security-Advisory-May-2024
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
14. CVE-2024-22058
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older.
References: https://forums.ivanti.com/s/article/CVE-2024-22058-Privilege-Escalation-for-Ivanti-Endpoint-Manager-EPM
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
15. CVE-2024-22059
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS.
References: https://forums.ivanti.com/s/article/Security-Advisory-May-2024
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
16. CVE-2024-22060
Base Score: 8.7
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 5.8
Description: An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server.
References: https://forums.ivanti.com/s/article/Security-Advisory-May-2024
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
17. CVE-2024-29822
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
References: https://forums.ivanti.com/s/article/Security-Advisory-May-2024
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
18. CVE-2024-29823
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
References: https://forums.ivanti.com/s/article/Security-Advisory-May-2024
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
19. CVE-2024-29824
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
References: https://forums.ivanti.com/s/article/Security-Advisory-May-2024
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
20. CVE-2024-29825
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
References: https://forums.ivanti.com/s/article/Security-Advisory-May-2024
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
21. CVE-2024-29826
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
References: https://forums.ivanti.com/s/article/Security-Advisory-May-2024
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
22. CVE-2024-29827
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
References: https://forums.ivanti.com/s/article/Security-Advisory-May-2024
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
23. CVE-2024-29828
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 1.7
Impact Score: 6.0
Description: An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
References: https://forums.ivanti.com/s/article/Security-Advisory-May-2024
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
24. CVE-2024-29829
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 1.7
Impact Score: 6.0
Description: An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
References: https://forums.ivanti.com/s/article/Security-Advisory-May-2024
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
25. CVE-2024-29830
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 1.7
Impact Score: 6.0
Description: An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
References: https://forums.ivanti.com/s/article/Security-Advisory-May-2024
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
26. CVE-2024-29846
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 1.7
Impact Score: 6.0
Description: An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
References: https://www.ivanti.com/blog/topics/security-advisory
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
27. CVE-2024-29848
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.
References: https://forums.ivanti.com/s/article/Security-Advisory-May-2024
CWE-ID: Not assigned as of now
Common Platform Enumerations (CPE): Not Found
28. CVE-2024-5564
Base Score: 7.4
Base Severity: HIGH
Exploitability Score: 1.4
Impact Score: 5.9
Description: A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.
References: https://access.redhat.com/security/cve/CVE-2024-5564
https://bugzilla.redhat.com/show_bug.cgi?id=2284122
CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found