Overview
- Description
- Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information.
- Source
- support@hackerone.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1F6549B-CF5D-4607-B67D-5489905A1705",
"versionEndExcluding": "2022"
},
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46580865-5177-4E55-BDAC-73DA4B472B35"
},
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E57E12B5-B789-450C-9476-6C4C151E6993"
},
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E47C65B3-56DD-4D65-8B4B-6AFFE28E94F2"
},
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "10D6EAB7-B14B-45E9-92B9-4FADFBBB08AF"
}
],
"operator": "OR"
}
]
}
]