CVE-2022-35259
First published: Mon Dec 05 2022(Updated: )
XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ivanti Endpoint Manager | <=2022.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-35259?
The severity of CVE-2022-35259 is high with a CVSS score of 7.8.
How does XML Injection with Endpoint Manager 2022.3 and below work?
XML Injection with Endpoint Manager 2022.3 and below allows an attacker to inject malicious XML code into the application, which can cause a download of a malicious file to run and possibly execute to gain unauthorized privileges.
Which version of Ivanti Endpoint Manager is affected by CVE-2022-35259?
Ivanti Endpoint Manager versions up to and including 2022.3 are affected by CVE-2022-35259.
How can I fix CVE-2022-35259?
To fix CVE-2022-35259, update Ivanti Endpoint Manager to a version higher than 2022.3.
Where can I find more information about CVE-2022-35259?
More information about CVE-2022-35259 can be found at this link: https://forums.ivanti.com/s/article/Security-Advisory-for-Ivanti-Endpoint-Manager-Client-CVE-2022-35259?language=en_US
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ivanti
- canonical/ivanti endpoint manager
- version/ivanti endpoint manager/2022.3