Description
Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
None
Affected products
- Ivanti / Endpoint Manager2024 SU1 – 2024 SU1
- Ivanti / Endpoint Manager2022 SU7 – 2022 SU7