CVE-2024-13160 - Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
项目:Ivanti
产品:Endpoint Manager (EPM)
添加日期:2025-03-10到期日:2025-03-31最后更新:June 21, 2025
漏洞名称
Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
描述
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
已知用于勒索软件活动吗?
Unknown
采集行动
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
其他说明
https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US
https://nvd.nist.gov/vuln/detail/CVE-2024-13160
相关新闻文章
CISA: Recently patched Ivanti EPM flaw now actively exploitedMarch 10, 2026
CISA tags critical Ivanti EPM flaws as actively exploited in attacksMarch 11, 2025
CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV ListMarch 11, 2025