4.8
CVE-2025-22459
- EPSS 0.08%
- Veröffentlicht 08.04.2025 14:25:57
- Zuletzt bearbeitet 16.05.2025 14:00:18
- Quelle 3c1d8aa1-5a33-4ea4-8992-aadd64
- CVE-Watchlists
- Unerledigt
Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Ivanti ≫ Endpoint Manager Version < 2022
Ivanti ≫ Endpoint Manager Version2022 Update-
Ivanti ≫ Endpoint Manager Version2022 Updatesu1
Ivanti ≫ Endpoint Manager Version2022 Updatesu2
Ivanti ≫ Endpoint Manager Version2022 Updatesu3
Ivanti ≫ Endpoint Manager Version2022 Updatesu4
Ivanti ≫ Endpoint Manager Version2022 Updatesu5
Ivanti ≫ Endpoint Manager Version2022 Updatesu6
Ivanti ≫ Endpoint Manager Version2024 Update-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.233 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.8 | 2.2 | 2.5 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
|
| 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 | 4.8 | 2.2 | 2.5 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
CWE-296 Improper Following of a Certificate's Chain of Trust
The product does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate, resulting in incorrect trust of any resource that is associated with that certificate.