PT-2025-1127 · Ivanti · Ivanti Epm

Published

2025-01-13

Updated

2025-07-11

CVE-2024-13164

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ivanti EPM versions prior to 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update

Description The issue is related to an uninitialized resource in Ivanti EPM, which can be exploited by a local authenticated attacker to escalate their privileges. This allows the attacker to gain higher access levels within the system.

Recommendations For versions prior to the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update, apply the respective security updates to resolve the issue. At the moment, there is no information about additional mitigation measures.

Fix

Use of Uninitialized Resource

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-908

Related Identifiers

BDU:2025-00399

CVE-2024-13164

ZDI-25-039

Affected Products

Ivanti Epm

PT-2025-1127 · Ivanti · Ivanti Epm

CVE-2024-13164

Weakness Enumeration

Related Identifiers

Affected Products

References · 7