CVE-2024-13161

Name of the Vulnerable Software and Affected Versions Ivanti EPM versions before 2024 January-2025 Security Update Ivanti EPM versions before 2022 SU6 January-2025 Security Update

Description The issue is related to absolute path traversal in Ivanti EPM, allowing a remote unauthenticated attacker to leak sensitive information. This can be exploited by an attacker to gain unauthorized access to protected information. The vulnerability is associated with incorrect restriction of the directory path name.

Recommendations For Ivanti EPM versions before 2024 January-2025 Security Update, apply the 2024 January-2025 Security Update to resolve the issue. For Ivanti EPM versions before 2022 SU6 January-2025 Security Update, apply the 2022 SU6 January-2025 Security Update to resolve the issue.