Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.2
CVE-2024-50326: Ivanti Endpoint Manager allows attackers to take control with admin access
Exploitation likelihood: 26%
CVE-2024-50326
Summary
Ivanti Endpoint Manager, a tool used to manage company computers, has a security weakness that lets hackers with admin access to the system gain complete control over it. This is a serious issue because it allows an attacker to do anything they want with the system. To protect your system, update to the latest version with the November security patch.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| ivanti | endpoint_manager |
< 2022 2022 2024 cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:* |
Original title
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote cod...
Original description
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
nvd CVSS3.1
7.2
Vulnerability type
CWE-89
SQL Injection
Published: 12 Nov 2024 · Updated: 15 Jun 2026 · First seen: 7 Mar 2026