CVE-2024-36130

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 7, 2024

Updated: Oct 24, 2024

CWE ID 287

Summary

CVE-2024-36130 is a newly disclosed vulnerability affecting the web component of EPMM before version 12.1.0.1. This issue grants unauthorized attackers, who have gained network access, the ability to execute arbitrary commands on the underlying operating system of the affected appliance. The vulnerability is classified as an insufficient authorization issue, posing a serious risk for potential system compromise and subsequent data breaches. It is crucial for organizations using EPMM to apply the necessary patch as soon as possible to mitigate the risk associated with this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Ivanti Endpoint Manager Mobile

Affected Vendors

Ivanti Software Inc.

Advisories, Assessments, and Mitigations

Back to Vulnerability Database