Overview
- Description
- A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.
- Source
- support@hackerone.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 3.0
- Type
- Secondary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Known exploits
Data from CISA
- Vulnerability name
- Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
- Exploit added on
- Jul 31, 2023
- Exploit action due
- Aug 21, 2023
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8C4E79F-9A4D-4507-B262-01E475954B92",
"versionEndExcluding": "11.8.1.2",
"versionStartIncluding": "11.8.0"
},
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5A44EBED-1A3C-4951-B873-4E545F4432A2",
"versionEndExcluding": "11.9.1.2",
"versionStartIncluding": "11.9.0"
},
{
"criteria": "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F07E7E60-A611-4C0D-B5D0-0605D910B0F7",
"versionEndExcluding": "11.10.0.3",
"versionStartIncluding": "11.10.0"
}
],
"operator": "OR"
}
]
}
]