Multiple vulnerabilities in Ivanti EPMM
Ivanti released a security advisory addressing several vulnerabilities in its EPMM solution (formerly known as MobileIron). These vulnerabilities could lead to remote code execution, authentication bypass, and sensitive information leakage. It is recommended you update as soon as possible.
These vulnerabilities affect EPMM versions prior to 12.1.0.1.
The vulnerability CVE-2024-36130, with a CVSS score of 9.8, is a flaw (insufficient authorisation checks) in the web component of EPMM that would allow an unauthorised attacker within the network to execute arbitrary commands on the underlying operating system of the appliance.
The vulnerability CVE-2024-36131, with a CVSS score of 8.8, is a flaw (insecure deserialisation) in the web component of EPMM that would allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance.
The vulnerability CVE-2024-36132, with a CVSS score of 8.2, is a flaw (insufficient checks) in the authentication controls of EPMM that would allow a remote attacker to bypass authentication and access sensitive resources.
The vulnerability CVE-2024-34788, with a CVSS score of 5.3, is a flaw (improper authentication) in the web component of EPMM that would allow a remote malicious user to access potentially sensitive information.
Further information – https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-for-Mobile-EPMM-July-2024?language=en_US

Kerry is a Content Creator at www.systemtek.co.uk. She has spent many years working in IT support, and her main interests are computing, networking and AI.