Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 16 May 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Ivanti
Ivanti endpoint Manager
Weaknesses CWE-295
CPEs cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su4:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su5:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2022:su6:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:*
Vendors & Products Ivanti
Ivanti endpoint Manager

Tue, 08 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 08 Apr 2025 14:30:00 +0000

Type Values Removed Values Added
Description Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers.
Weaknesses CWE-296
References
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ivanti

Published:

Updated: 2025-04-08T15:37:26.132Z

Reserved: 2025-01-07T02:19:22.797Z

Link: CVE-2025-22459

cve-icon Vulnrichment

Updated: 2025-04-08T15:35:55.931Z

cve-icon NVD

Status : Analyzed

Published: 2025-04-08T15:15:49.020

Modified: 2025-05-16T14:00:18.793

Link: CVE-2025-22459

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.