How to Fix CVE-2024-10811: Endpoint Manager (Bundle Sibling)
| Severity | CVSS 9.8, Critical |
|---|---|
| Actively exploited? | No |
| Affected | Ivanti Endpoint Manager — see advisory for affected version range |
| Fixed in | Same patched build as CVE-2024-50330 |
| Type (CWE) | CWE-36: Absolute Path Traversal |
CVE-2024-10811 is a sibling vulnerability in the same Ivanti Endpoint Manager advisory bundle as CVE-2024-50330. The same patched build closes every CVE in the bundle, so the remediation procedure for CVE-2024-10811 is the same as for the primary write-up.
What's different about CVE-2024-10811?
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
CVE-2024-10811 differs from its siblings in the specific code path or input vector covered by the description above. Its impact is consistent with the rest of the bundle: unauthorized file reads or writes through path traversal. The patched build addresses every code path in the advisory in a single update.
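CWE-36 differs from relative (`..`) traversal in that the supplied name is itself absolute, so a path join silently discards the intended base directory. The sketch below is an added illustration of that weakness class and a containment check. It is not Ivanti's code and not from the advisory, and the page does not describe the affected EPM code path. It uses Python's `ntpath` to model Windows path rules; `BASE_DIR`, the function names and the sample inputs are all constructed.

```python
import ntpath  # Windows path rules, usable on any OS (pure string handling)

BASE_DIR = r"C:\app\reports"  # constructed base directory (assumption)


def resolve_naive(name: str) -> str:
    """Vulnerable pattern: join() drops BASE_DIR when `name` is absolute."""
    return ntpath.join(BASE_DIR, name)


def resolve_checked(name: str) -> str:
    """Hardened pattern: refuse absolute input, then verify containment."""
    drive, tail = ntpath.splitdrive(name)
    # Drive letter, UNC share, or a rooted path such as \dir\file.
    if drive or tail.startswith(("\\", "/")):
        raise ValueError("absolute or rooted path rejected")
    base = ntpath.normpath(BASE_DIR)
    candidate = ntpath.normpath(ntpath.join(base, name))
    # Defence in depth: also catches relative ..\ sequences.
    if ntpath.commonpath([base, candidate]) != base:
        raise ValueError("path escapes base directory")
    return candidate


def is_rejected(name: str) -> bool:
    """True when resolve_checked() refuses the name."""
    try:
        resolve_checked(name)
    except ValueError:
        return True
    return False


# Constructed sample inputs, not taken from the advisory.
SAMPLES = [
    r"2025\q1.csv",                  # legitimate relative name
    r"C:\secrets\keys.xml",          # drive-absolute
    r"\secrets\keys.xml",            # rooted, no drive letter
    r"\\fileserver\share\keys.xml",  # UNC
    r"..\..\secrets\keys.xml",       # relative traversal
]

if __name__ == "__main__":
    for s in SAMPLES:
        verdict = "rejected" if is_rejected(s) else resolve_checked(s)
        print(f"{s!r:36} naive={resolve_naive(s)!r:36} checked={verdict!r}")
```

`ntpath.normpath` does not resolve symlinks or junctions; a check against a real filesystem should resolve the final path before the containment comparison.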
How to fix CVE-2024-10811
Apply the patched build per the primary write-up: How to Fix CVE-2024-50330.
Frequently asked questions
Is CVE-2024-10811 actively exploited?
Yes. CVE-2024-10811 is on the CISA Known Exploited Vulnerabilities catalog, so federal civilian agencies are required to patch on the published deadline. Most enterprises treat the same date as the practical floor.
What is the CVSS severity of CVE-2024-10811?
Critical. See the advisory for the full CVSS vector.
Where can I read the official advisory?
See https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6
Does the patch require a reboot?
It depends on the deployment. Service-only updates usually need a service restart; OS-level fixes require a full reboot. Check the vendor release notes for the exact post-upgrade steps.
References
- Official vendor advisory: https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10811
- CISA KEV catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Primary write-up: How to Fix CVE-2024-50330
*Written by Sai Kiran Pandrala on 2026-05-25. Part of the Ivanti Endpoint Manager bundle. Full procedure at how-to-fix-cve-2024-50330.*