An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
https://thehackernews.com/2024/10/nation-state-attackers-exploiting.html
https://thehackernews.com/2024/10/zero-day-alert-three-critical-ivanti.html
https://forums.ivanti.com/s/article/KB-Security-Advisory-EPM-May-2024?language=en_US
https://forums.ivanti.com/s/article/Security-Advisory-May-2024