PT-2023-4188 · Ivanti · Ivanti Endpoint Manager Mobile

Published: 2023-07-28 · Updated: 2026-02-03 · CVE-2023-35081

CVSS v2.0: 8.3 (High)

Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Ivanti Endpoint Manager Mobile (EPMM) versions 11.8.x through 11.8.1.1
Ivanti Endpoint Manager Mobile (EPMM) versions 11.9.x through 11.9.1.1
Ivanti Endpoint Manager Mobile (EPMM) versions 11.10.x through 11.10.0.2

Description

A path traversal vulnerability in Ivanti EPMM allows an authenticated administrator to write arbitrary files onto the appliance. This issue is being exploited by malicious actors to gain sensitive information and execute OS commands. The underlying weakness is improper limitation of a pathname to a restricted directory.

Recommendations

For Ivanti Endpoint Manager Mobile (EPMM) versions 11.8.x through 11.8.1.1, update to version 11.8.1.2 or later.
For Ivanti Endpoint Manager Mobile (EPMM) versions 11.9.x through 11.9.1.1, update to version 11.9.1.2 or later.
For Ivanti Endpoint Manager Mobile (EPMM) versions 11.10.x through 11.10.0.2, update to version 11.10.0.3 or later.

Fix

RCE

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2023-04503
CVE-2023-35081

Affected Products

Ivanti Endpoint Manager Mobile