GCVE-VVD-NCSC-2025-17

Advisory PublishedCVSS 9.8/10

Vulnetix · Advisory published January 15, 2025

Ivanti heeft kwetsbaarheden verholpen in Ivanti Endpoint Manager (EPM) die aanwezig waren in versies vóór de januari 2025 beveiligingsupdates.

Download JSON Open in Console

Weaknesses (CWE)

CWE-36Absolute Path TraversalCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')CWE-502Deserialization of Untrusted DataCWE-908Use of Uninitialized ResourceCWE-787Out-of-bounds WriteCWE-843Access of Resource Using Incompatible Type ('Type Confusion')CWE-434Unrestricted Upload of File with Dangerous TypeCWE-347Improper Verification of Cryptographic Signature

Risk Scores

CVSS 3.1

9.8/10

Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions	Platforms
ivanti	ivanti_endpoint_manager__2024_su1	—	—
ivanti	epm	—	—
ivanti	ivanti_endpoint_manager__2022_su6	—	—
ivanti	ivanti_endpoint_manager__2024_security_patch	—	—
ivanti	endpoint_manager	—	—

Aliases

CVE-2024-10811 CVE-2024-13166 CVE-2024-13169 CVE-2024-13159 CVE-2024-13167 CVE-2024-13160 CVE-2024-13165 CVE-2024-13158 CVE-2024-13168 CVE-2024-13162 CVE-2024-13170 CVE-2024-13171 CVE-2024-13161 CVE-2024-13164 CVE-2024-13172 CVE-2024-32848 CVE-2024-13163

Transitive aliases

GHSA-c5xq-93hx-p95r GHSA-g5xq-ccc5-74p4 CVE-2024-8321 GHSA-x4fw-fhfj-vm7c CVE-2024-32845 GHSA-cfw8-99m9-5qfm GHSA-6m9g-cw25-j9jc GHSA-qm6j-jqgw-8fcg GHSA-f53w-fw63-qjpw GHSA-35pg-8ph2-rp9c BDU:2024-07250 BDU:2025-00409 BDU:2025-00411 GHSA-pvh3-rvqg-w4qc CVE-2024-32846 GHSA-qfx3-m2xp-3pcp CNVD-2024-38821 BDU:2024-07157 BDU:2025-00398 BDU:2024-07251 BDU:2024-07734 BDU:2024-07155 BDU:2025-00397 GHSA-v7mj-q2hh-7r72 CVE-2024-32842 CVE-2024-32843 BDU:2024-07274 GHSA-w8hf-8rpm-xjp2 BDU:2024-07263 GHSA-2j3p-vpp9-9f53 BDU:2025-00408 GHSA-98mp-xvw5-2fch BDU:2025-00404 BDU:2025-00396 GHSA-qccp-2vxv-82w5 BDU:2024-06794 BDU:2025-00401 CVE-2024-34779 CVE-2024-37397 GHSA-g7wm-3q7g-g3q2 GHSA-rj4v-5f39-crv6 VVD-ANCHORE-2024-37397 BDU:2025-00402 GHSA-6v62-48r8-7wh2 BDU:2025-00410 GHSA-gg3w-r79x-787f BDU:2025-00405 BDU:2024-07154 BDU:2025-00406 BDU:2024-07268 BDU:2024-07158 GHSA-rg56-4h6q-rfgq GHSA-vh7p-jh36-p55r GHSA-6358-wjwp-64w4 WID-SEC-W-2024-2109 CVE-2024-29847 BDU:2025-00407 CVE-2024-34783 CVE-2024-34785 CVE-2024-8441 BDU:2024-07249 GHSA-42p2-q66q-8hx8 CNVD-2025-30742 BDU:2025-00375 GHSA-gwpx-4h2q-gxjq VVD-NCSC-2024-369 GHSA-wfg8-6fh4-8fp9 BDU:2024-07266 GHSA-c45c-r247-q8hc CVE-2024-8320 GSD-2024-29847 BDU:2024-07248 GHSA-h926-5fmr-p532 GHSA-r268-64hq-mv45 BDU:2024-07273 GHSA-5fwx-95cc-hcxv BDU:2025-00399 NCSC-2024-0369 CVE-2024-32840 CVE-2024-8322 BDU:2024-07156 GHSA-jv5c-8jgx-c489 BDU:2025-00403 CVE-2024-8191 GHSA-pcxj-w6pv-x9c5 GHSA-22q6-7m3g-6r77

References

advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON