Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-35081: Ivanti Community

A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.

CVE
#vulnerability#auth

Loading

×Sorry to interrupt

CSS Error

Refresh

Related news

U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core to its Known Exploited Vulnerabilities (KEV) catalog, stating it's being actively exploited in the wild. The vulnerability in question is CVE-2023-35082 (CVSS score: 9.8), an authentication bypass

Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution

Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could result in remote code execution (RCE) on susceptible servers. Tracked as CVE-2023-39336, the vulnerability has been rated 9.6 out of 10 on the CVSS scoring system. The shortcoming impacts EPM 2021 and EPM 2022 prior to SU5. “If exploited, an

Ivanti Sentry critical vulnerability—don't play dice, patch

Categories: Exploits and vulnerabilities Categories: News Tags: Ivanti Tags: Sentry Tags: MobileIron Tags: CVE-2023-38035 Tags: MICS Tags: port 8443 There is some uncertainty about whether a vulnerability in Ivanti Sentry is being exploited in the wild, but why take the risk when you can patch? (Read more...) The post Ivanti Sentry critical vulnerability—don't play dice, patch appeared first on Malwarebytes Labs.

Ivanti Warns of Critical Zero-Day Flaw Being Actively Exploited in Sentry Software

Software services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry (formerly MobileIron Sentry) that it said is being actively exploited in the wild, marking an escalation of its security woes. Tracked as CVE-2023-38035 (CVSS score: 9.8), the issue has been described as a case of authentication bypass impacting versions 9.18 and prior due to what it called an

August Patch Tuesday stops actively exploited attack chain and more

Categories: Exploits and vulnerabilities Categories: News Microsoft has announced patches for 87 vulnerabilities this month, including two that are being actively exploited. (Read more...) The post August Patch Tuesday stops actively exploited attack chain and more appeared first on Malwarebytes Labs.

Researchers Discover Bypass for Recently Patched Critical Ivanti EPMM Vulnerability

Cybersecurity researchers have discovered a bypass for a recently fixed actively exploited vulnerability in some versions of Ivanti Endpoint Manager Mobile (EPMM), prompting Ivanti to urge users to update to the latest version of the software. Tracked as CVE-2023-35082 (CVSS score: 10.0) and discovered by Rapid7, the issue "allows unauthenticated attackers to access the API in older unsupported

Ivanti patches second zero-day vulnerability being used in attacks

Categories: Exploits and vulnerabilities Categories: News Tags: Ivanti Tags: EPMM Tags: MobileIron Tags: CVE-2023-35081 Tags: CVE-2023-35078 Tags: tomcat Tags: arbitrary file write Tags: ACL Tags: upgrade Ivanti has issued a patch to address a second critical zero-day vulnerability (Read more...) The post Ivanti patches second zero-day vulnerability being used in attacks appeared first on Malwarebytes Labs.

Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability

Advanced persistent threat (APT) actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network. The disclosure comes as part of a new joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian

Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack

Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild. The new vulnerability, tracked as CVE-2023-35081 (CVSS score: 7.8), impacts supported versions 11.10, 11.9, and 11.8, as well as those that are currently end-of-life (EoL). "

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907