CVE-2023-35084

CRITICAL

Ivanti Endpoint Manager < 2022 - Insecure Deserialization

Title source: rule

Description

Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely.

References (1)

[Vendor Advisory] https://forums.ivanti.com/s/article/SA-2023-08-08-CVE-2023-35084?language=en_US

Scores

CVSS v3 9.8

EPSS 0.0211

EPSS Percentile 83.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (5)

ivanti/endpoint_manager < 2022

ivanti/endpoint_manager

Timeline

Published Oct 18, 2023

Tracked Since Feb 18, 2026