Improper Input Validation in Ivanti Endpoint Manager by Ivanti
CVE-2023-28324

9.8CRITICAL

Key Information:

Vendor: Ivanti
Status: Ivanti Endpoint Manager
Vendor: CVE Published:; 1 July 2023

Summary

An improper input validation vulnerability exists in Ivanti Endpoint Manager, affecting versions released up to 2022. This security issue can be exploited by attackers to perform privilege escalation or execute remote code, potentially compromising the security of the affected systems. It is crucial for users of Ivanti Endpoint Manager to ensure that they apply the necessary patches to mitigate the risks associated with this vulnerability.

Affected Version(s)

Ivanti Endpoint Manager 2022

References

https://forums.ivanti.com/s/article/SA-2023-06-06-CVE-202...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 1, 2023
Vulnerability Reserved
Mar 14, 2023