CVE-2024-13160 - Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

Vulnerability Name

Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

Description

Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US

https://nvd.nist.gov/vuln/detail/CVE-2024-13160

Related News Articles

CISA tags critical Ivanti EPM flaws as actively exploited in attacksMarch 11, 2025

CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV ListMarch 11, 2025