CVE-2023-35083

CVE Database · CVE-2023-35083

CVE-2023-35083

· MEDIUMModified

CVSS v3.1

6.5

EPSS

1.09%

Published

Oct 18, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products (5)

ivanti · endpoint_manager (up to 2022)vulnerable

ivanti · endpoint_managervulnerable

References (2)

https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-35083?language=en_US

Vendor Advisory

https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-35083?language=en_US

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs