CVE-2020-13772

Published: Nov 16, 2020Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required.

Affected (1)

Products: Ivanti: Endpoint Manager

Ivanti

1 product

Endpoint Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ivanti Endpoint Manager	Up to 2020.1.1

References (4)

https://forums.ivanti.com/s/

Source: cve@mitre.org

Permissions RequiredVendor Advisory

https://labs.jumpsec.com/cve-2020-13772-ivanti-uem-system-information-disclosure/

Source: cve@mitre.org

ExploitThird Party Advisory

https://forums.ivanti.com/s/

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://labs.jumpsec.com/cve-2020-13772-ivanti-uem-system-information-disclosure/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.