Q: Is CVE-2023-35081 being actively exploited?

Yes — CVE-2023-35081 is in CISA's Known Exploited Vulnerabilities (KEV) catalog, so it is confirmed exploited in the wild. Patch affected products as a priority.

Q: What products does CVE-2023-35081 affect?

Tracked products affected include Endpoint Manager Mobile (EPMM). Check the version you run to see whether it is affected.

Q: How do I fix CVE-2023-35081?

This vulnerability is being actively exploited in the wild — patch affected products urgently. Upgrade affected products to a fixed version.

Question 1

What is CVE-2023-35081?

Accepted Answer

CVE-2023-35081 is a high-severity software vulnerability (Path traversal) with a CVSS score of 7.2. A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3,  11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.

Question 2

Is CVE-2023-35081 being actively exploited?

Accepted Answer

Yes — CVE-2023-35081 is in CISA's Known Exploited Vulnerabilities (KEV) catalog, so it is confirmed exploited in the wild. Patch affected products as a priority.

Question 3

What products does CVE-2023-35081 affect?

Accepted Answer

Tracked products affected include Endpoint Manager Mobile (EPMM). Check the version you run to see whether it is affected.

Question 4

How do I fix CVE-2023-35081?

Accepted Answer

This vulnerability is being actively exploited in the wild — patch affected products urgently. Upgrade affected products to a fixed version.

CVE-2023-35081

Summary

Impact & exploitability

Affected products we track (1)

Recommendation

Additional information