CVE-2023-35084

9.8CRITICAL

Key Information:

Vendor: Ivanti
Status: Endpoint Manager
Vendor: CVE Published:; 18 October 2023

Summary

Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely.

Affected Version(s)

Endpoint Manager 2022 su3

References

https://forums.ivanti.com/s/article/SA-2023-08-08-CVE-202...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2023
Vulnerability Reserved
Jun 13, 2023

Collectors

NVD DatabaseMitre Database