CVE-2024-13160 - Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

项目:Ivanti

产品:Endpoint Manager (EPM)

添加日期:2025-03-10到期日:2025-03-31最后更新:June 21, 2025

漏洞名称

Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

描述

Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.

已知用于勒索软件活动吗?

Unknown

采集行动

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

其他说明

https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US

https://nvd.nist.gov/vuln/detail/CVE-2024-13160

相关新闻文章

CISA: Recently patched Ivanti EPM flaw now actively exploitedMarch 10, 2026

CISA tags critical Ivanti EPM flaws as actively exploited in attacksMarch 11, 2025

CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV ListMarch 11, 2025

相关 CWE