CVE-2023-35081

HIGH KEV

Ivanti Endpoint Manager Mobile < 11.8.1.2 - Path Traversal

Title source: rule

Description

A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.

References (2)

[Vendor Advisory] https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35081

Scores

CVSS v3 7.2

EPSS 0.9137

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2023-07-31

VulnCheck KEV 2023-07-28

InTheWild.io 2023-07-29

ENISA EUVD EUVD-2023-39116

CWE

CWE-22

Status published

Products (1)

ivanti/endpoint_manager_mobile 11.8.0 - 11.8.1.2

Published Aug 03, 2023

KEV Added Jul 31, 2023

Tracked Since Feb 18, 2026