CVE-2024-10811

Published Jan 14, 2025

Last updated 6 days ago

CVSS critical 9.8

Overview

Description
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Source
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CWE-36

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. Actively exploited CVE : CVE-2024-10811

    @transilienceai

    25 Feb 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. https://t.co/ZYzEf3Pq9G has unveiled four critical vulnerabilities in Ivanti EPM (CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, CVE-2024-13159) with a CVSS score of 9.8. Major risk for server security 🌐💻 #Ivanti #Vulnerability #USA link: https://t.co/aXrPlEvX1n https://t.co/

    @TweetThreatNews

    20 Feb 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Critical Path Traversal Vulnerabilities (CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159) in Ivanti Endpoint Manager https://t.co/gQZPuZDaBu

    @WhalersLtd

    19 Jan 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 Multiples critical security flaws in Ivanti Endpoint Manager: - CVE-2024-10811 - CVE-2024-13161 - CVE-2024-13160 - CVE-2024-13159 The vulnerability is actively exploited in the wild and has been integrated into Patrowl. Our customers assets are protected. 🦉 #InfoSec https://t

    @Patrowl_io

    17 Jan 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. #Ivanti: Researcher Uncovers Critical Vulnerabilities in Multiple Versions of Ivanti Endpoint Manager (#EPM) and Ivanti Avalanche Application Control Engine. CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, CVE-2024-13159 have been patched - update! 👇 https://t.co/QH98ZOYgYO

    @securestep9

    16 Jan 2025

    66 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

References