CVE-2023-35081

Published: Aug 3, 2023Modified: Jan 14, 2026CISA KEV

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.

Affected (3)

Products: Ivanti: Endpoint Manager Mobile

Ivanti

1 product

Endpoint Manager Mobile

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ivanti Endpoint Manager Mobile	From 11.10.0 to 11.10.0.3
Ivanti Endpoint Manager Mobile	From 11.8.0 to 11.8.1.2
Ivanti Endpoint Manager Mobile	From 11.9.0 to 11.9.1.2

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (3)

https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US

Source: support@hackerone.com

Vendor Advisory

https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35081

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.