CVE-2024-13160

Name of the Vulnerable Software and Affected Versions Ivanti EPM versions before 2024 January-2025 Security Update Ivanti EPM versions before 2022 SU6 January-2025 Security Update

Description The issue is related to an absolute path traversal in Ivanti EPM, which can be exploited by a remote unauthenticated attacker to leak sensitive information. This is due to incorrect restriction of the directory path name.

Recommendations For versions before 2024 January-2025 Security Update, apply the 2024 January-2025 Security Update. For versions before 2022 SU6 January-2025 Security Update, apply the 2022 SU6 January-2025 Security Update.