CVE-2024-36131

Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager Mobile (EPMM) versions prior to 12.1.0.1

Description: The issue is related to an insecure deserialization vulnerability in the web component of EPMM. This vulnerability allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance.

Recommendations: For versions prior to 12.1.0.1, update to version 12.1.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the web component of EPMM to minimize the risk of exploitation.