CVE-2024-13160 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated att…
Critical KEV CVSS: 9.8

CVE-2024-13160

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Vendor
Ivanti
Product
Endpoint Manager
CWE
CWE-36
Yayın Tarihi
2025-01-14 18:15:26
Güncelleme
2025-10-24 14:48:51
Source Identifier
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
KEV Date Added
2025-03-10

Kategoriler

CWE-36 Endpoint Manager CRITICAL Ivanti 2025

Referanslar

https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-13160 https://www.horizon3.ai/attack-research/attack-blogs/ivanti-endpoint-manager-multiple-credential-coercion-vulnerabilities/