CVE-2024-10811

Name of the Vulnerable Software and Affected Versions Ivanti EPM versions before 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update

Description The issue is related to absolute path traversal in Ivanti EPM, allowing a remote unauthenticated attacker to leak sensitive information. This can be exploited by an attacker to gain unauthorized access to protected information.

Recommendations For Ivanti EPM versions before the 2024 January-2025 Security Update, update to the 2024 January-2025 Security Update or later. For Ivanti EPM versions before the 2022 SU6 January-2025 Security Update, update to the 2022 SU6 January-2025 Security Update or later. As a temporary workaround, consider restricting access to sensitive information until the issue is resolved.