CNNVD-202507-1027 Information

CNNVD ID

CNNVD-202507-1027

Related CVE

CVE-2025-7037

• CNNVD Published: 2025-07-08

Description (Chinese)

Ivanti Endpoint Manager（EPM）是美国Ivanti公司的一套端点安全管理器。 Ivanti Endpoint Manager 2024 SU3和2022 SU8 Security Update 1之前版本存在SQL注入漏洞，该漏洞源于容易受到SQL注入攻击，可能导致读取任意数据库数据。

Description (English)

Ivanti Endpoint Manager (EPM) is an end-point security manager for Ivanti USA. Ivanti Endpoint Manager 2024 SU3 and 2022 SU8 Security Update 1 had an injection loophole in SQL, which stemmed from its vulnerability to SQL injections and could lead to the reading of arbitrary database data.

Hazard Level

Medium

Vulnerability Type

SQL注入

Affected Vendor

iWT

Published

2025-07-08

Last Modified

2026-02-24

References

https://forums.ivanti.com/s/article/Security-Advisory-July-2025-for-Ivanti-EPM-2024-SU2-and-EPM-2022-SU8?language=en_US https://access.redhat.com/security/cve/cve-2025-7037

Patch

https://forums.ivanti.com/s/article/Security-Advisory-July-2025-for-Ivanti-EPM-2024-SU2-and-EPM-2022-SU8?language=en_US