CVE-2023-35081

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Aug 3, 2023

Updated: Dec 20, 2024

CWE ID 22

Summary

CVE-2023-35081 is a newly discovered path traversal vulnerability affecting Ivanti Endpoint Manager (EPMM) versions 11.10.x prior to 11.10.0.3, 11.9.x prior to 11.9.1.2, and 11.8.x prior to 11.8.1.2. This issue enables authenticated administrators to write arbitrary files onto the Ivanti EPMM appliance, posing a significant security risk. Successful exploitation of this vulnerability could lead to the installation of malware, unauthorized access, or data theft. To mitigate this risk, Ivanti strongly recommends updating to the latest versions of Ivanti EPMM as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Ivanti Endpoint Manager Mobile

Affected Vendors

Ivanti Software Inc.

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

Know What Matters

For Customers

For Partners