PT-2025-1134 · Ivanti · Ivanti Epm

Zach Hanley

Publicado

2025-01-13

Atualizado

2026-05-02

CVE-2024-13160

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ivanti EPM versions before 2024 January-2025 Security Update Ivanti EPM versions before 2022 SU6 January-2025 Security Update

Description The issue is related to an absolute path traversal in Ivanti EPM, which can be exploited by a remote unauthenticated attacker to leak sensitive information. This is due to incorrect restriction of the directory path name.

Recommendations For versions before 2024 January-2025 Security Update, apply the 2024 January-2025 Security Update. For versions before 2022 SU6 January-2025 Security Update, apply the 2022 SU6 January-2025 Security Update.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-36

Identificadores relacionados

BDU:2025-00407

CVE-2024-13160

Produtos afetados

Ivanti Epm

PT-2025-1134 · Ivanti · Ivanti Epm

CVE-2024-13160

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 35