Primary

Context

Ivanti Endpoint Manager Core Server Credential Leak Vulnerability

Vulnerability

Patched

A vulnerability exists in the Core Server of Ivanti Endpoint Manager in versions through 2024 SU5. This vulnerability allows remote authenticated attackers to leak access credentials by exploiting an exposed dangerous method.

Impact

Exploitation of this vulnerability could lead to unauthorized access to credentials, potentially allowing for further attacks or privilege escalation.

Remediation

Users can update to Ivanti Endpoint Manager 2024 SU6, which is available for download through the Ivanti License System (ILS).

Added: May 12, 2026, 3:24 PM

Updated: May 12, 2026, 3:24 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

4.9

remediation

7.7

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

4.9

remediation

7.7

relevance

8.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ivanti Endpoint Manager Core Server Credential Leak Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Ivanti Endpoint Manager

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating