Insecure deserialization in Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to escalate their privileges.
2025-10-13T21:15:33.797
2025-11-11T15:15:35.277
Modified
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CVSSv3.1: 7.8 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ivanti | endpoint_manager | < 2024 | Yes |
| Application | ivanti | endpoint_manager | 2024 | Yes |
| Application | ivanti | endpoint_manager | 2024 | Yes |
| Application | ivanti | endpoint_manager | 2024 | Yes |
| Application | ivanti | endpoint_manager | 2024 | Yes |
| Application | ivanti | endpoint_manager | 2024 | Yes |