Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-28323

A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a stepping stone to get to other network attached machines.

Published

2023-07-01T00:15:10.057

Last Modified

2025-05-05T16:15:33.820

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-502
Type: Secondary
CWE-502

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ivanti	endpoint_manager	< 2022	Yes
Application	ivanti	endpoint_manager	2022	Yes
Application	ivanti	endpoint_manager	2022	Yes
Application	ivanti	endpoint_manager	2022	Yes
Application	ivanti	endpoint_manager	2022	Yes

References

https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-28323 Vendor Advisory ([email protected])
https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-28323 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)