Описание
A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potential misuse of user accounts and resources.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 11.9.0 (исключая)Версия от 11.10.0 (включая) до 11.10.0.4 (исключая)Версия от 11.11.0 (включая) до 11.11.0.2 (исключая)
Одно из
cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01615
Низкий
9.8 Critical
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-269
Связанные уязвимости
CVSS3: 9.8
github
около 2 лет назад
A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potential misuse of user accounts and resources.
EPSS
Процентиль: 81%
0.01615
Низкий
9.8 Critical
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-269