SQL Injection Vulnerability in Ivanti Endpoint Manager by Ivanti
CVE-2025-62388
6.5MEDIUM
What is CVE-2025-62388?
A SQL injection vulnerability in Ivanti Endpoint Manager enables a remote authenticated attacker to exploit the system, potentially allowing access to sensitive data stored in the database. This vulnerability poses significant risks as it could lead to unauthorized data exposure and compromise organizational security.
Affected Version(s)
Endpoint Manager 2024 SU3 SR1
Endpoint Manager 2024 SU3 SR1
Endpoint Manager 2022 SU8 SR2
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved