Executive Risk Summary
"A remote unauthenticated attacker can exploit an absolute path traversal vulnerability in Ivanti EPM to leak sensitive information. This vulnerability affects Ivanti EPM versions prior to the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update."
Operational Audit Arsenal
Target Type File System
Target Asset Ivanti EPM Web Interface
Standard Path /opt/ivanti/epm/web
Manual Verification Required
This is a non-Windows asset (Ivanti). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.
Patch Impact Forecast
Reboot Required Likely
Moderate, may require downtime for endpoint manager services
Internal Work Notes
Apply Ivanti EPM January-2025 Security Update or 2022 SU6 January-2025 Security Update to mitigate absolute path traversal vulnerability (CVE-2024-13161)
Technical Intelligence & Operational Utilities • Delivered Weekly
Intelligence Sources
Official Advisoryhttps://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6
Official Advisoryhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-13161
Official Advisoryhttps://www.horizon3.ai/attack-research/attack-blogs/ivanti-endpoint-manager-multiple-credential-coercion-vulnerabilities/
Related Ivanti Threats
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.