VDB
CISA-2024-13171
CISA-2024-13171
PUBLISHED
CVSS 7.8 HIGH
Reported by ivanti · Published January 14, 2025
Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.
Risk Scores
CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ivanti | Endpoint Manager | 2024 January-2025 Security Update, 2022 SU6 January-2025 Security Update |
| Ivanti | Endpoint Manager | *, *, * |
Timeline
- Jan 14, 2025 CVE Published
- Feb 26, 2026 CVE Updated