CVE-2023-35081β€”Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability

PUBLISHEDvulnerability record
2023-07-31 Β· last modified June 21, 2025

Metadata

CVE ID:
CVE-2023-35081
Project:
Ivanti
Product:
Endpoint Manager Mobile (EPMM)
Date Added:
2023-07-31
Due Date:
2023-08-21
Last Updated:
June 21, 2025

Vulnerability Name

Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability

Description

Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078 to bypass authentication and ACLs restrictions (if applicable).

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

Related Weaknesses