CVE-2023-35084

Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2022 su3

Description The issue is related to unsafe deserialization of user input, which could lead to the execution of unauthorized operations. This could allow an attacker to execute commands remotely.

Recommendations For versions prior to 2022 su3, update to version 2022 su3 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected module to minimize the risk of exploitation. Avoid using user input in the deserialization process until the issue is resolved.