CVE-2023-35081
Ivanti / Endpoint Manager Mobile (EPMM)
Added 2023-07-31
Due 2023-08-21
Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078 to bypass authentication and ACLs restrictions (if applicable).
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2023-35081
Metadata
| Added to KEV | 2023-07-31 |
| Remediation due | 2023-08-21 |
| Ransomware use | Unknown |
| CWEs | CWE-22 |
| Ingested | 2026-04-24 15:03:13 |
Cross-mesh regulatory overlay
If you're breached via this CVE, what disclosure laws and cyber regs fire? Asks LexiWorld and RegulatoryRadar via signed mesh.