Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-35081
HistoryAug 03, 2023 - 6:15 p.m.

CVE-2023-35081

2023-08-0318:15:11
CWE-22
[email protected]
web.nvd.nist.gov
303
In Wild
cve-2023-35081
ivanti epmm
vulnerability
path traversal
authenticated administrator
arbitrary files
nvd

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.672 Medium

EPSS

Percentile

98.0%

JSON

A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.

Affected configurations

NVD
Node
ivantiendpoint_manager_mobileRange11.8.0–11.8.1.2
OR
ivantiendpoint_manager_mobileRange11.9.0–11.9.1.2
OR
ivantiendpoint_manager_mobileRange11.10.0–11.10.0.3

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ivanti",
    "product": "EPMM",
    "versions": [
      {
        "version": "11.10.0.3",
        "status": "affected",
        "lessThan": "11.10.0.3",
        "versionType": "custom"
      }
    ]
  }
]

Related

cvelist 1
hivepro 1
nvd 1
nessus 1
attackerkb 1
prion 1
cisa_kev 1
malwarebytes 3
thn 6
rapid7blog 2
ics 1
cvelist
cvelist
CVE-2023-35081
2023-08-03 17:00:10
hivepro
hivepro
Ivanti Addressed Second Zero-Day Flaw Exploited by Attackers
2023-08-03 06:01:53
nvd
nvd
CVE-2023-35081
2023-08-03 18:15:11
nessus
nessus
Ivanti Endpoint Manager Mobile < 11.8.1.2 / 11.9.x < 11.9.1.2 / 11.10.x < 11.10.0.3 Arbitrary File Write (CVE-2023-35081)
2023-07-31 00:00:00
attackerkb
attackerkb
CVE-2023-35081
2023-08-03 00:00:00
prion
prion
Path traversal
2023-08-03 18:15:00
cisa_kev
cisa_kev
Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
2023-07-31 00:00:00
malwarebytes
malwarebytes
Ivanti patches second zero-day vulnerability being used in attacks
2023-08-02 15:15:00
[updated] Ivanti Sentry critical vulnerabilityβ€”don't play dice, patch
2023-08-23 16:30:00
August Patch Tuesday stops actively exploited attack chain and more
2023-08-10 01:00:00
thn
thn
Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability
2023-08-02 03:41:00
Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack
2023-07-29 04:27:00
Researchers Discover Bypass for Recently Patched Critical Ivanti EPMM Vulnerability
2023-08-03 04:06:00
rapid7blog
rapid7blog
CVE-2023-35078: Critical API Access Vulnerability in Ivanti Endpoint Manager Mobile
2023-07-26 16:45:05
CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability
2023-08-02 16:05:47
ics
ics
Threat Actors Exploiting Ivanti EPMM Vulnerabilities
2023-08-01 12:00:00

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.672 Medium

EPSS

Percentile

98.0%

JSON
Related for CVE-2023-35081
cvelist1hivepro1nvd1nessus1attackerkb1prion1cisa_kev1malwarebytes3thn6rapid7blog2ics1