CVE-2023-35081 HIGH

CVE-2023-35081

Vendor Ivanti
Product EPMM
KEV Status Known Exploited
Published August 3, 2023
Last update January 14, 2026

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.

CISA mandated remediation

02CISA Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Key dates

03Disclosure timeline

August 3, 2023 CVE published
January 14, 2026 Record updated