CVE-2024-36130

An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance.
Configurations

Configuration 1 (hide)

cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*

History

24 Oct 2024, 20:35

Type Values Removed Values Added
CWE CWE-285

12 Aug 2024, 18:52

Type Values Removed Values Added
First Time Ivanti endpoint Manager Mobile
Ivanti
References () https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-for-Mobile-EPMM-July-2024 - () https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-for-Mobile-EPMM-July-2024 - Vendor Advisory
CPE cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*
CWE CWE-287

08 Aug 2024, 21:35

Type Values Removed Values Added
CWE CWE-285

07 Aug 2024, 15:17

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de autorización insuficiente en el componente web de EPMM anterior a 12.1.0.1 permite que un atacante no autorizado dentro de la red ejecute comandos arbitrarios en el sistema operativo subyacente del dispositivo.

07 Aug 2024, 04:17

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-07 04:17

Updated : 2024-10-24 20:35


NVD link : CVE-2024-36130

Mitre link : CVE-2024-36130

CVE.ORG link : CVE-2024-36130


JSON object : View

Products Affected

ivanti

  • endpoint_manager_mobile
CWE
CWE-287

Improper Authentication