4 matches found
Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcard
A vulnerability in Ivanti Endpoint Manager EPM allows an unauthenticated attacker to coerce the EPM machine account credential via the GetHashForWildcard endpoint. The vulnerability exists due to improper input validation in the wildcard parameter, allowing an attacker to specify a remote UNC pat...
CVE-2024-13160
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information...
CVE-2024-13160
creationtimestamp| type| source ---|---|--- 2025-01-14 17:21:39+00:00| seen| https://infosec.exchange/users/cve/statuses/113827859589893903 2025-01-14 18:16:02+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpuauw5tm2b 2025-01-16 09:05:19+00:00| seen|...
CVE-2024-13160
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information...