ID CVE-2020-13772
Summary In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required.
References
Vulnerable Configurations
  • cpe:2.3:a:ivanti:endpoint_manager:2016.4:*:*:*:*:*:*:*
    cpe:2.3:a:ivanti:endpoint_manager:2016.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ivanti:endpoint_manager:2017.1:*:*:*:*:*:*:*
    cpe:2.3:a:ivanti:endpoint_manager:2017.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ivanti:endpoint_manager:2017.3:*:*:*:*:*:*:*
    cpe:2.3:a:ivanti:endpoint_manager:2017.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ivanti:endpoint_manager:2018.1:*:*:*:*:*:*:*
    cpe:2.3:a:ivanti:endpoint_manager:2018.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ivanti:endpoint_manager:2018.3:*:*:*:*:*:*:*
    cpe:2.3:a:ivanti:endpoint_manager:2018.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ivanti:endpoint_manager:2019.1:*:*:*:*:*:*:*
    cpe:2.3:a:ivanti:endpoint_manager:2019.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ivanti:endpoint_manager:2020.1:*:*:*:*:*:*:*
    cpe:2.3:a:ivanti:endpoint_manager:2020.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ivanti:endpoint_manager:2020.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:ivanti:endpoint_manager:2020.1.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 21-11-2020 - 03:35)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
Last major update 21-11-2020 - 03:35
Published 16-11-2020 - 16:15
Last modified 21-11-2020 - 03:35
Back to Top