CISA Known Exploited Vulnerability (KEV)
Vulnerability Name | Date Added | Due Date | Required Action |
---|---|---|---|
Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability | March 10, 2025 | March 31, 2025 | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. |
Description
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Weakness Enumeration
CWE-ID | CWE Name |
---|---|
CWE-36 | Absolute Path Traversal |