Unauthorized command execution vulnerability in EPMM web component

CVE-2024-36130

9.8CRITICAL

Key Information

Vendor: Ivanti
Status: Epmm
Vendor: CVE Published:; 7 August 2024

Summary

An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance.

Affected Version(s)

EPMM < 12.1.0.1

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 9.8 - (CRITICAL)
Aug 7, 2024
Vulnerability published.
Aug 7, 2024
Vulnerability Reserved.
May 21, 2024

Collectors

NVD DatabaseMitre Database

.