CVE-2024-37381: 
Ivanti Endpoint Manager vulnerability analysis and mitigation

A high-severity SQL Injection vulnerability (CVE-2024-37381) was discovered in the Core server of Ivanti Endpoint Management (EPM) 2024 flat. The vulnerability, which received a CVSS score of 8.4, was disclosed in July 2024 and affects the EPM software that manages various device platforms including Windows, macOS, Chrome OS, and IoT devices (SecurityWeek, Security Online).

The vulnerability is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) and requires network access and authentication for exploitation. The flaw received a CVSS v3.0 base score of 8.4 (High) with the following vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H, indicating adjacent network access requirements, low attack complexity, and high privileges needed for exploitation (NVD).

If successfully exploited, the vulnerability allows authenticated attackers within the same network to execute arbitrary code on affected systems. The vulnerability affects the core functionality of the EPM software, potentially compromising the security of managed endpoints across an organization's infrastructure (SecurityWeek).

Ivanti has released a Security Hot Patch specifically for EPM 2024 flat to address the vulnerability. The patch requires updating four crucial DLL files on the Core Server, including PatchApi.dll and MBSDKService.dll. Organizations can either manually replace the DLLs or use a provided PowerShell script for automated updates, followed by a server restart or IISRESET to ensure proper implementation (Security Online).