CVE-2024-22058 HIGH

CVE-2024-22058

Vendor Ivanti
Product EPM
Published May 31, 2024
Last update March 17, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older.

Key dates

02Disclosure timeline

May 31, 2024 CVE published
March 17, 2025 Record updated