An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.
The product uses or accesses a resource that has not been initialized.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Endpoint_manager | Ivanti | * | 2022 (excluding) |
Endpoint_manager | Ivanti | 2022 (including) | 2022 (including) |
Endpoint_manager | Ivanti | 2022-su1 (including) | 2022-su1 (including) |
Endpoint_manager | Ivanti | 2022-su2 (including) | 2022-su2 (including) |
Endpoint_manager | Ivanti | 2022-su3 (including) | 2022-su3 (including) |
Endpoint_manager | Ivanti | 2022-su4 (including) | 2022-su4 (including) |
Endpoint_manager | Ivanti | 2022-su5 (including) | 2022-su5 (including) |
Endpoint_manager | Ivanti | 2024 (including) | 2024 (including) |