CNNVD-202510-1645 Information

CNNVD ID

CNNVD-202510-1645

Related CVE

CVE-2025-11623

• CNNVD Published: 2025-10-13

Description (Chinese)

Ivanti Endpoint Manager（EPM）是美国Ivanti公司的一套端点安全管理器。 Ivanti Endpoint Manager（EPM）存在SQL注入漏洞，该漏洞源于远程认证攻击者可读取数据库中的任意数据，可能导致SQL注入攻击。

Description (English)

Ivanti Endpoint Manager (EPM) is an end-point security manager for Ivanti USA. Ivanti Endpoint Manager (EPM) has an injection loophole in SQL, which stems from the remote authentication of random data in the database that can be accessed by the assailant and may lead to an SQL injection.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

Ivanti

Published

2025-10-13

Last Modified

2026-02-24

References

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-October-2025 https://access.redhat.com/security/cve/cve-2025-11623

Patch

https://www.ivanti.com/products/endpoint-manager