Insecure Deserialization Vulnerability Affects EPMM Web Component

CVE-2024-36131

8.8HIGH

Key Information

Vendor: Ivanti
Status: Epmm
Vendor: CVE Published:; 7 August 2024

Summary

An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance.

Affected Version(s)

EPMM < 12.1.0.1

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 8.8 - (HIGH)
Aug 7, 2024
Vulnerability published.
Aug 7, 2024
Vulnerability Reserved.
May 21, 2024

Collectors

NVD DatabaseMitre Database

.