PT-2024-8595 · Ivanti · Ivanti Endpoint Manager
Published
2024-05-09
·
Updated
2024-11-14
·
CVE-2024-34787
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Ivanti Endpoint Manager versions prior to 2024 November Security Update
Ivanti Endpoint Manager versions prior to 2022 SU6 November Security Update
Description
The issue is related to path traversal in Ivanti Endpoint Manager, which is caused by incorrect restriction of the path name to a directory with limited access. This allows a local unauthenticated attacker to achieve code execution, but user interaction is required.
Recommendations
For versions prior to 2024 November Security Update, update to the 2024 November Security Update to resolve the issue.
For versions prior to 2022 SU6 November Security Update, update to the 2022 SU6 November Security Update to resolve the issue.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ivanti Endpoint Manager