CVE-2023-35083

Published: Oct 18, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information.

Affected (5)

Products: Ivanti: Endpoint Manager

Ivanti

1 product

Endpoint Manager

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ivanti Endpoint Manager	Before 2022
Ivanti Endpoint Manager	Version 2022
Ivanti Endpoint Manager	Version 2022 su1
Ivanti Endpoint Manager	Version 2022 su2
Ivanti Endpoint Manager	Version 2022 su3

References (2)

https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-35083?language=en_US

Source: support@hackerone.com

Vendor Advisory

https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-35083?language=en_US

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.