Description
An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials.
Published: 2026-05-12
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An exposed dangerous method on the Core Server of Ivanti Endpoint Manager allows a remote authenticated attacker to leak access credentials. The flaw enables the attacker to retrieve valid credentials for other users or systems, potentially facilitating further unauthorized access. This vulnerability is an information disclosure weakness (CWE‑749) that arises from improper access restrictions on a sensitive method.

Affected Systems

The vulnerability affects Ivanti Endpoint Manager Core Server deployments prior to version 2024 SU6. All releases before 2024 SU6 are potentially vulnerable. Users of earlier versions should consult the official Ivanti security advisory for details on the affected build and the recommended fix.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity assessment, and the lack of an available EPSS score provides no concrete exploitation probability data. Because the attack requires remote authenticated access, the threat is limited to insiders or compromised legitimate users unless additional weaknesses exist. The vulnerability is not listed in the CISA KEV catalog, suggesting no publicly known exploits as of the data available.

Generated by OpenCVE AI on May 12, 2026 at 16:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Ivanti Endpoint Manager to version 2024 SU6 or later, which removes the exposed method.
  • If the update cannot be applied immediately, restrict network access to the Core Server so that only trusted internal hosts can reach the endpoint that exposes the method.
  • After remediation, review and rotate any credentials that may have been exposed, and enforce strong password policies.

Generated by OpenCVE AI on May 12, 2026 at 16:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 19:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:su1:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:su2:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:su3:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:su3_security_release_1:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:su4:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:su4_security_release_1:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager:2024:su5:*:*:*:*:*:*

Tue, 12 May 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 16:45:00 +0000

Type Values Removed Values Added
Title Remote Authenticated Credential Leakage via Exposed Method in Ivanti Endpoint Manager
First Time appeared Ivanti
Ivanti endpoint Manager
Vendors & Products Ivanti
Ivanti endpoint Manager

Tue, 12 May 2026 15:00:00 +0000

Type Values Removed Values Added
Description An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials.
Weaknesses CWE-749
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Ivanti Endpoint Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: ivanti

Published:

Updated: 2026-05-12T18:58:58.165Z

Reserved: 2026-05-07T16:20:42.642Z

Link: CVE-2026-8109

cve-icon Vulnrichment

Updated: 2026-05-12T18:58:52.388Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-12T15:16:17.420

Modified: 2026-05-12T19:18:29.283

Link: CVE-2026-8109

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T16:30:19Z

Weaknesses