VDB

GCVE-110-NCSC-2025-17

GCVE-110-NCSC-2025-17
Advisory PublishedCVSS 9.8/10
Vulnetix · Advisory published January 15, 2025
Ivanti heeft kwetsbaarheden verholpen in Ivanti Endpoint Manager (EPM) die aanwezig waren in versies vóór de januari 2025 beveiligingsupdates.

Weaknesses (CWE)

CWE-36Absolute Path TraversalCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')CWE-502Deserialization of Untrusted DataCWE-908Use of Uninitialized ResourceCWE-787Out-of-bounds WriteCWE-843Access of Resource Using Incompatible Type ('Type Confusion')CWE-434Unrestricted Upload of File with Dangerous TypeCWE-347Improper Verification of Cryptographic Signature

Risk Scores

CVSS 3.1
9.8/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
ivantiivanti_endpoint_manager__2024_su1
ivantiepm
ivantiivanti_endpoint_manager__2022_su6
ivantiivanti_endpoint_manager__2024_security_patch
ivantiendpoint_manager

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›