CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2024-36130
https://notcve.org/view.php?id=CVE-2024-36130
07 Aug 2024 — An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-for-Mobile-EPMM-July-2024 • CWE-285: Improper Authorization •
CVSS: 9.0EPSS: 2%CPEs: 1EXPL: 0CVE-2024-36131
https://notcve.org/view.php?id=CVE-2024-36131
07 Aug 2024 — An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-for-Mobile-EPMM-July-2024 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.2EPSS: 2%CPEs: 1EXPL: 0CVE-2024-36132
https://notcve.org/view.php?id=CVE-2024-36132
07 Aug 2024 — Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-for-Mobile-EPMM-July-2024 • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 12%CPEs: 1EXPL: 0CVE-2024-34788
https://notcve.org/view.php?id=CVE-2024-34788
07 Aug 2024 — An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a remote malicious user to access potentially sensitive information • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-for-Mobile-EPMM-July-2024 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •