CVE-2023-35084

CVE Database · CVE-2023-35084

CVE-2023-35084

· CRITICALModified

CVSS v3.1

9.8

EPSS

2.85%

Published

Oct 18, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-502

Affected Products (5)

ivanti · endpoint_manager (up to 2022)vulnerable

ivanti · endpoint_managervulnerable

References (2)

https://forums.ivanti.com/s/article/SA-2023-08-08-CVE-2023-35084?language=en_US

Vendor Advisory

https://forums.ivanti.com/s/article/SA-2023-08-08-CVE-2023-35084?language=en_US

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs