cbcvebase.
CVE-2023-35084
published 2023-10-18

CVE-2023-35084: Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which…

Priority: P263 | critical | 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.85% (84.9th percentile)

Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
ivanti | endpoint_manager | < 2022 | 2022
ivanti | endpoint_manager | |

Detection & IOCs (extracted from sources)

  • Unsafe deserialization of user input in Ivanti Endpoint Manager 2022 SU3 and all previous versions can lead to remote command execution; monitor for anomalous deserialization activity or unexpected process spawning from Ivanti EPM services
  • Affected versions are Ivanti Endpoint Manager 2022 SU3 and all previous versions; no patch version details or specific vulnerable endpoint paths are provided in the available sources, limiting precise detection scope