CVE-2024-13159
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-13159 is a newly identified vulnerability affecting Ivanti Endpoint Manager (EPM) versions prior to the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update. This issue permits unauthenticated remote attackers to exploit an absolute path traversal flaw, resulting in the leakage of sensitive information. The vulnerability could potentially be exploited through specially crafted requests, allowing the attacker to bypass access controls and gain unauthorized access to confidential data. Ivanti urges users to apply the available security updates promptly to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.