CVE-2023-39337

🗓️ 14 Nov 2023 23:18:08Reported by hackeroneType

A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows unauthorized access to sensitive information

Reporter	Title	Published	Views	Family All 11
CNNVD	Ivanti Endpoint Manager Security Vulnerability	14 Nov 202300:00	–	cnnvd
Cvelist	CVE-2023-39337	14 Nov 202323:18	–	cvelist
EUVD	EUVD-2023-43068	3 Oct 202520:07	–	euvd
Ivanti	CVE-2023-39337 - MobileConfig profile download authentication bypass	9 Nov 202316:55	–	ivanti
Tenable Nessus	Ivanti Endpoint Manager Mobile < 11.10.0.4 / 11.11.x < 11.11.0.2 Multiple Vulnerabilities	20 Dec 202300:00	–	nessus
NCSC	Vulnerabilities fixed in Ivanti Endpoint Manager Mobile	13 Nov 202300:00	–	ncsc
NVD	CVE-2023-39337	15 Nov 202300:15	–	nvd
OSV	CVE-2023-39337	15 Nov 202300:15	–	osv
Prion	Security feature bypass	15 Nov 202300:15	–	prion
Positive Technologies	PT-2023-26886 · Epmm · Epmm	13 Nov 202300:00	–	ptsecurity

NVD

Vulners

Node

ivanti endpoint_manager_mobileRange≤11.9.0

ivanti endpoint_manager_mobileRange11.10.0–11.10.0.4

ivanti endpoint_manager_mobileRange11.11.0–11.11.0.2

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ivanti",
    "product": "EPMM",
    "versions": [
      {
        "version": "11.10.0.0",
        "status": "affected",
        "lessThanOrEqual": "11.10.0.0",
        "versionType": "semver"
      },
      {
        "version": "11.9.0.0",
        "status": "affected",
        "lessThanOrEqual": "11.9.0.0",
        "versionType": "semver"
      },
      {
        "version": "11.8.0.0",
        "status": "affected",
        "lessThanOrEqual": "11.8.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
forums	www.forums.ivanti.com/s/article/CVE-2023-39337

21 Nov 2024 08:15Current

9High risk

Vulners AI Score9

CVSS 3.19.1

EPSS0.01548

SSVC

CWE-200