CVE-2023-35084

Published: Oct 18, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely.

Affected (5)

Products: Ivanti: Endpoint Manager

Ivanti

1 product

Endpoint Manager

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ivanti Endpoint Manager	Before 2022
Ivanti Endpoint Manager	Version 2022
Ivanti Endpoint Manager	Version 2022 su1
Ivanti Endpoint Manager	Version 2022 su2
Ivanti Endpoint Manager	Version 2022 su3

Related CWEs

CWE-502

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

https://forums.ivanti.com/s/article/SA-2023-08-08-CVE-2023-35084?language=en_US

Source: support@hackerone.com

Vendor Advisory

https://forums.ivanti.com/s/article/SA-2023-08-08-CVE-2023-35084?language=en_US

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.