{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<ul> <li><span class=\"test-id__field-value slds-form-element__static slds-grow slds-form-element_separator is-read-only iv-cad-fld\" data-aura-rendered-by=\"36:307;a\">Ivanti Endpoint Manager Mobile (EPMM), <span data-aura-rendered-by=\"15:306;a\">anciennement</span> MobileIron Core, versions 11.10, 11.9 et 11.8 sans le dernier correctif de s\u00e9curit\u00e9<br /> </span></li> </ul> <p>Les anciennes versions sont \u00e9galement affect\u00e9es, mais n'\u00e9tant plus support\u00e9es, ne recevront pas de correctif de s\u00e9curit\u00e9.</p> ","content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2023-35078","url":"https://www.cve.org/CVERecord?id=CVE-2023-35078"},{"name":"CVE-2023-35081","url":"https://www.cve.org/CVERecord?id=CVE-2023-35081"}],"links":[],"reference":"CERTFR-2023-AVI-0604","revisions":[{"description":"Version initiale","revision_date":"2023-07-31T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"}],"summary":"Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Ivanti Endpoint Manager Mobile\net Endpoint Manager. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0 l'int\u00e9grit\u00e9\ndes donn\u00e9es.\n\nIvanti indique que la vuln\u00e9rabilit\u00e9 <span\nclass=\"test-id__field-value slds-form-element__static slds-grow is-read-only iv-cad-fld iv-cad-fldtitle\"\naura-rendered-by=\"96:266;a\"><span class=\"uiOutputText\"\naura-rendered-by=\"99:266;a\" aura-class=\"uiOutputText\">CVE-2023-35081 est\nactivement exploit\u00e9e dans le cadre d'attaques cibl\u00e9es, tout comme la\nvuln\u00e9rabilit\u00e9 <span\nclass=\"test-id__field-value slds-form-element__static slds-grow slds-form-element_separator is-read-only iv-cad-fld\"\naura-rendered-by=\"36:307;a\">CVE-2023-35078</span>.</span></span>\n","title":"Vuln\u00e9rabilit\u00e9 dans Ivanti Endpoint Manager Mobile","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Ivanti CVE-2023-35081 du 28 juillet 2023","url":"https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US"}]}