9.8
CVE-2023-35084
- EPSS 1.63%
- Veröffentlicht 18.10.2023 04:15:11
- Zuletzt bearbeitet 21.11.2024 08:07:56
- Quelle support@hackerone.com
- CVE-Watchlists
- Unerledigt
LoginUnsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ivanti ≫ Endpoint Manager Version < 2022
Ivanti ≫ Endpoint Manager Version2022 Update-
Ivanti ≫ Endpoint Manager Version2022 Updatesu1
Ivanti ≫ Endpoint Manager Version2022 Updatesu2
Ivanti ≫ Endpoint Manager Version2022 Updatesu3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.63% | 0.813 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.