PT-2026-38456 · Ivanti · Epmm
Published
2026-05-07
·
Updated
2026-05-10
·
CVE-2026-6973
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Ivanti Endpoint Manager Mobile versions prior to 12.6.1.1
Ivanti Endpoint Manager Mobile versions prior to 12.7.0.1
Ivanti Endpoint Manager Mobile versions prior to 12.8.0.1
Description
Improper input validation in the on-premises version of Ivanti Endpoint Manager Mobile allows a remotely authenticated user with administrative access to achieve remote code execution. This issue has been actively exploited in the wild, with over 850 servers reported as reachable from the internet. Potential impacts include the compromise of payroll records, device credentials, and sensitive employee files.
Recommendations
Update to version 12.6.1.1 or later.
Update to version 12.7.0.1 or later.
Update to version 12.8.0.1 or later.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Epmm