forums.ivanti.com
2606:4700::6811:7088
Public Scan
Submitted URL: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-for-Mobile-EPMM-July-2024
Effective URL: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-for-Mobile-EPMM-July-2024?language=en_US
Submission: On July 19 via api from TR — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
Security Advisory Ivanti Endpoint Manager for Mobile (EPMM) July 2024

Primary Product: Ivanti Endpoint Manager Mobile (Core)
Categories: Security
Created Date: Jul 17, 2024 2:08:45 PM
Last Modified Date: Jul 17, 2024 2:17:47 PM

The following vulnerabilities have been discovered in Ivanti Endpoint Manager for Mobile (EPMM) which impacts all supported versions. We are not aware of any customers being exploited by this vulnerability at the time of disclosure.

CAUSE

| CVE | Description | CVSS | Vector |
| --- | --- | --- | --- |
| CVE-2024-36130 | An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance. | 8.8 | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2024-36131 | An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance. | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2024-36132 | Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources. | 8.2 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
| CVE-2024-34788 | An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a remote malicious user to access potentially sensitive information | 5.3 | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |

We would like to acknowledge Daniel Jensen of CyberCX for their responsible disclosures.

RESOLUTION

A resolution is released and available in EPMM (Core) versions 11.12.0.3, 12.0.0.3 and 12.1.0.1 in the standard download portal.

FAQ

1. ARE YOU AWARE OF ANY ACTIVE EXPLOITATION OF THESE VULNERABILITIES?
We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program.

2. HOW CAN I TELL IF I HAVE BEEN COMPROMISED?
Currently, there is no known public exploitation of this vulnerability that could be used to provide a list of indicators of compromise.

3. SHOULD CUSTOMERS WHO HAVE ENABLED MDMPP/CC MODE UPGRADE TO A 12.X RELEASE?
The 12.x releases are currently under evaluation for certification. If a customer has enabled MDMPP/CC mode, they should stay on an 11.12.x version until certification has completed. We will communicate with customers when the 12.x version has received certification.

4. WHAT SHOULD I DO IF I NEED HELP?
If you have questions after reviewing this information, you can log a case and/or request a call via the Success Portal.

Article Number: 000093546
Article Promotion Level: Normal

Copyright © 2019-2023 Ivanti. All rights reserved.