2018.3

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ivanti

critical

NVD

Published: 2019-07-11

Updated: 2020-08-24

Summary

An issue was discovered in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x before 2018.3 SU3, with remote code execution. In other words, the issue affects 2017.3, 2018.1, and 2018.3 installations that lack the April 2019 update.

Vulnerable Configurations

Part	Description	Count
Application	Ivanti Ivanti Endpoint Manager 2017.3 Ivanti Endpoint Manager 2018.1 Ivanti Endpoint Manager 2018.3	3

References

https://forums.ivanti.com/s/article/Security-Alert-Ivanti-Endpoint-Manager-April-2019