{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-35083", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2023-06-13T01:00:11.784Z", "datePublished": "2023-10-18T03:52:12.988Z", "dateUpdated": "2024-09-13T14:55:27.624Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information."}], "affected": [{"defaultStatus": "affected", "vendor": "Ivanti", "product": "Endpoint Manager", "versions": [{"version": "2022 su3", "status": "unaffected", "lessThan": "2022 su3", "versionType": "semver"}]}], "references": [{"url": "https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-35083?language=en_US"}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2023-10-18T03:52:12.988Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:23:57.610Z"}, "title": "CVE Program Container", "references": [{"url": "https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-35083?language=en_US", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-13T14:55:18.435410Z", "id": "CVE-2023-35083", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-13T14:55:27.624Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-35083?language=en_US", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:23:57.610Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-35083", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-13T14:55:18.435410Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-13T14:55:23.692Z"}}], "cna": {"affected": [{"vendor": "Ivanti", "product": "Endpoint Manager", "versions": [{"status": "unaffected", "version": "2022 su3", "lessThan": "2022 su3", "versionType": "semver"}], "defaultStatus": "affected"}], "references": [{"url": "https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-35083?language=en_US"}], "descriptions": [{"lang": "en", "value": "Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2023-10-18T03:52:12.988Z"}}}, "cveMetadata": {"cveId": "CVE-2023-35083", "state": "PUBLISHED", "dateUpdated": "2024-09-13T14:55:27.624Z", "dateReserved": "2023-06-13T01:00:11.784Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2023-10-18T03:52:12.988Z", "assignerShortName": "hackerone"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1F6549B-CF5D-4607-B67D-5489905A1705", "versionEndExcluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*", "matchCriteriaId": "46580865-5177-4E55-BDAC-73DA4B472B35", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*", "matchCriteriaId": "E57E12B5-B789-450C-9476-6C4C151E6993", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*", "matchCriteriaId": "E47C65B3-56DD-4D65-8B4B-6AFFE28E94F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*", "matchCriteriaId": "10D6EAB7-B14B-45E9-92B9-4FADFBBB08AF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information."}, {"lang": "es", "value": "Permite que un atacante autenticado con acceso a la red lea archivos arbitrarios en Endpoint Manager descubierto recientemente en 2022 SU3 y todas las versiones anteriores, lo que podr\u00eda provocar la fuga de informaci\u00f3n confidencial."}], "id": "CVE-2023-35083", "lastModified": "2024-11-21T08:07:56.550", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-18T04:15:10.900", "references": [{"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-35083?language=en_US"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-35083?language=en_US"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}