CVE-2020-13772
MEDIUMIvanti Endpoint Manager <2020.1.1 - Info Disclosure
Title source: llmDescription
In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required.
References (2)
Core 2
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://forums.ivanti.com/s/
Exploit, Third Party Advisory x_refsource_misc
https://labs.jumpsec.com/cve-2020-13772-ivanti-uem-system-information-disclosure/
Scores
CVSS v3
5.3
EPSS
0.0191
EPSS Percentile
83.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
Status
published
Products (1)
ivanti/endpoint_manager
< 2020.1.1
Published
Nov 16, 2020
Tracked Since
Feb 18, 2026