Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-35084

Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely.

Published

2023-10-18T04:15:11.027

Last Modified

2024-11-21T08:07:56.673

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-502

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ivanti	endpoint_manager	< 2022	Yes
Application	ivanti	endpoint_manager	2022	Yes
Application	ivanti	endpoint_manager	2022	Yes
Application	ivanti	endpoint_manager	2022	Yes
Application	ivanti	endpoint_manager	2022	Yes

References

https://forums.ivanti.com/s/article/SA-2023-08-08-CVE-2023-35084?language=en_US Vendor Advisory ([email protected])
https://forums.ivanti.com/s/article/SA-2023-08-08-CVE-2023-35084?language=en_US Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)