Ivanti EPM – Credential Coercion Vulnerability in GetHashForWildcardRecursive

A vulnerability in Ivanti Endpoint Manager (EPM) allows an unauthenticated attacker to coerce the EPM machine account credential via the GetHashForWildcardRecursive endpoint. The vulnerability exists due to improper input validation in the wildcard parameter, allowing an attacker to specify a remote UNC path that triggers NTLM…Read More