PT-2025-1130 · Ivanti · Ivanti Epm
Published
2025-01-13
·
Updated
2025-07-11
·
CVE-2024-13165
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Ivanti EPM versions prior to 2024 January-2025 Security Update
Ivanti EPM versions prior to 2022 SU6 January-2025 Security Update
Description
The issue is related to an out-of-bounds write in Ivanti EPM, allowing a remote unauthenticated attacker to cause a denial of service. This can be exploited by a remote attacker to disrupt service.
Recommendations
For versions prior to 2024 January-2025 Security Update, apply the 2024 January-2025 Security Update.
For versions prior to 2022 SU6 January-2025 Security Update, apply the 2022 SU6 January-2025 Security Update.
As a temporary workaround, consider restricting access to the AlertService to minimize the risk of exploitation.
Fix
DoS
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ivanti Epm