CVE-2023-35084

Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely.

Published: Oct 18, 2023
Updated: Oct 26, 2023
CVE: CVE-2023-35084
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-502

OWASP TOP 10:

A8 - Insecure Deserialization

Affected Software
References

Software	From	Fixed in
ivanti / endpoint_manager	2022-su1	2022-su1.x
ivanti / endpoint_manager	-	2022
ivanti / endpoint_manager	2022	2022.x
ivanti / endpoint_manager	2022-su2	2022-su2.x
ivanti / endpoint_manager	2022-su3	2022-su3.x

https://forums.ivanti.com/s/article/SA-2023-08-08-CVE-2023-35084?language=en_US

Vulnerability Database

CVE-2023-35084