cbcvebase.
CVE-2023-39337
published 2023-11-15

CVE-2023-39337: A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of an enrolled device identifier to access and…

PriorityP356critical9.1CVSS 3.1
AVNACLPRNUINSUCHIHAN
EPSS
1.90%
77.1th percentile
A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets. This vulnerability poses a serious security risk, potentially exposing confidential data and system integrity.

Affected

6 ranges
VendorProductVersion rangeFixed in
ivantiendpoint_manager_mobile<= 11.9.0
ivantiendpoint_manager_mobile>= 11.10.0 < 11.10.0.411.10.0.4
ivantiendpoint_manager_mobile>= 11.11.0 < 11.11.0.211.11.0.2
ivantiepmm11.10.0.0 – 11.10.0.0
ivantiepmm11.8.0.0 – 11.8.0.0
ivantiepmm11.9.0.0 – 11.9.0.0
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.