exploitDog

CVE-2023-35084

Опубликовано: 18 окт. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely.

Ссылки

https://forums.ivanti.com/s/article/SA-2023-08-08-CVE-2023-35084?language=en_US
Vendor Advisory
https://forums.ivanti.com/s/article/SA-2023-08-08-CVE-2023-35084?language=en_US
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*

Версия до 2022 (исключая)

cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*

cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*

cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*

cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01627

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-502

Связанные уязвимости

GHSA-cgm3-p7mh-qpqx

CVSS3: 9.8

github

больше 2 лет назад

Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely.

EPSS

Процентиль: 82%

0.01627

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-502