CVE-2024-13158
CVSS 3.1 Score 7.2 of 10 (high)
Details
Published Jan 14, 2025
CWE ID 22
CWE ID 426
Summary
CVE-2024-13158 refers to a remote code execution vulnerability affecting Ivanti Enterprise Privacy Manager (EPM) versions before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update. An attacker with administrative privileges can exploit an unbounded resource search path to execute arbitrary code remotely. This issue poses a significant risk, especially for organizations using outdated Ivanti EPM versions. It is highly recommended that users install the latest security updates to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share