Ivanti Releases Security Updates for Endpoint Manager for Mobile
Vulnerabilities could allow an attacker to execute arbitrary commands, bypass authentication, and access sensitive resources
Summary
Vulnerabilities could allow an attacker to execute arbitrary commands, bypass authentication, and access sensitive resources
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Ivanti has disclosed four vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. The advisory addresses three high-severity vulnerabilities and one medium-severity vulnerability. Ivanti EPMM is a mobile management software engine that enables IT to set policies for mobile devices, applications, and content.
- CVE-2024-36130 has a CVSSv3 score of 8.8 and could allow an unauthorised attacker within the network to execute arbitrary commands on the underlying operating system of the appliance.
- CVE-2024-36131 has a CVSSv3 score of 8.8 and could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of the appliance.
- CVE-2024-36132 has a CVSSv3 score of 8.2 and could allow a remote attacker to bypass authentication and access sensitive resources.
Additionally, CVE-2024-34788 has a CVSSv3 score of 5.5 and could allow a remote attacker to access potentially sensitive information.
Remediation advice
Affected organisations are encouraged to review the following security advisory, "Security Advisory Ivanti Endpoint Manager for Mobile (EPMM) July 2024", and apply the relevant updates.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 19 July 2024 1:44 pm