Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistHackeroneCVELIST:CVE-2023-35081
HistoryAug 03, 2023 - 5:00 p.m.

CVE-2023-35081

2023-08-0317:00:10
hackerone
www.cve.org
1
path traversal
ivanti epmm
authenticated administrator
write arbitrary files

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.703 High

EPSS

Percentile

98.0%

JSON

A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ivanti",
    "product": "EPMM",
    "versions": [
      {
        "version": "11.10.0.3",
        "status": "affected",
        "lessThan": "11.10.0.3",
        "versionType": "custom"
      }
    ]
  }
]

Related

cve 1
nessus 1
nvd 1
hivepro 1
attackerkb 1
prion 1
cisa_kev 1
rapid7blog 2
thn 6
malwarebytes 3
ics 1
cve
cve
CVE-2023-35081
2023-08-03 18:15:11
nessus
nessus
Ivanti Endpoint Manager Mobile < 11.8.1.2 / 11.9.x < 11.9.1.2 / 11.10.x < 11.10.0.3 Arbitrary File Write (CVE-2023-35081)
2023-07-31 00:00:00
nvd
nvd
CVE-2023-35081
2023-08-03 18:15:11
hivepro
hivepro
Ivanti Addressed Second Zero-Day Flaw Exploited by Attackers
2023-08-03 06:01:53
attackerkb
attackerkb
CVE-2023-35081
2023-08-03 00:00:00
prion
prion
Path traversal
2023-08-03 18:15:00
cisa_kev
cisa_kev
Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
2023-07-31 00:00:00
rapid7blog
rapid7blog
CVE-2023-35078: Critical API Access Vulnerability in Ivanti Endpoint Manager Mobile
2023-07-26 16:45:05
CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability
2023-08-02 16:05:47
thn
thn
Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability
2023-08-02 03:41:00
Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack
2023-07-29 04:27:00
Researchers Discover Bypass for Recently Patched Critical Ivanti EPMM Vulnerability
2023-08-03 04:06:00
malwarebytes
malwarebytes
Ivanti patches second zero-day vulnerability being used in attacks
2023-08-02 15:15:00
[updated] Ivanti Sentry critical vulnerabilityβ€”don't play dice, patch
2023-08-23 16:30:00
August Patch Tuesday stops actively exploited attack chain and more
2023-08-10 01:00:00
ics
ics
Threat Actors Exploiting Ivanti EPMM Vulnerabilities
2023-08-01 12:00:00

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.703 High

EPSS

Percentile

98.0%

JSON
Related for CVELIST:CVE-2023-35081
cve1nessus1nvd1hivepro1attackerkb1prion1cisa_kev1rapid7blog2thn6malwarebytes3ics1