CVE-2024-36130

Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager Mobile (EPMM) versions prior to 12.1.0.1

Description: The issue is related to an insufficient authorization vulnerability in the web component of EPMM. This vulnerability allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance. The exploitation of this vulnerability can be done remotely.

Recommendations: For versions prior to 12.1.0.1, update to version 12.1.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the web component of EPMM to minimize the risk of exploitation.