CVE-2024-36130
First published: Wed Aug 07 2024(Updated: )
An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ivanti Endpoint Manager Mobile | <12.1.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-36130?
CVE-2024-36130 is categorized as a critical severity vulnerability due to its potential to allow unauthorized remote command execution.
How do I fix CVE-2024-36130?
To mitigate CVE-2024-36130, upgrade Ivanti Endpoint Manager Mobile to version 12.1.0.1 or later.
Who is affected by CVE-2024-36130?
CVE-2024-36130 affects users of Ivanti Endpoint Manager Mobile versions prior to 12.1.0.1.
What type of vulnerability is CVE-2024-36130?
CVE-2024-36130 is an insufficient authorization vulnerability that enables command execution on the underlying operating system.
Can CVE-2024-36130 be exploited remotely?
Yes, CVE-2024-36130 can be exploited by an unauthorized attacker within the network.
- agent/references
- agent/author
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/weakness
- agent/last-modified-date
- agent/softwarecombine
- agent/trending
- agent/tags
- agent/source
- vendor/ivanti
- canonical/ivanti endpoint manager mobile