CVE-2023-35083: 
Ivanti Endpoint Manager vulnerability analysis and mitigation

CVE-2023-35083 is a security vulnerability affecting Ivanti Endpoint Manager (EPM) that was discovered in 2023. The vulnerability impacts EPM version 2022 SU3 and all previous versions. This security flaw allows an authenticated attacker with network access to read arbitrary files on the Endpoint Manager, potentially leading to sensitive information exposure (Ivanti Blog, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This scoring indicates that the vulnerability requires network access and low privileges to exploit, requires no user interaction, and primarily impacts confidentiality with no effect on integrity or availability (NVD).

The successful exploitation of this vulnerability could lead to unauthorized access to sensitive information. An authenticated attacker can gain access to the server and read files, potentially exposing confidential data (Ivanti Blog).

Ivanti has released patches to address this vulnerability. The fix is available for EPM 2022 Service Update 4 and the 2021.1 Service Release 5. Users are strongly recommended to upgrade to the latest versions to prevent potential exploitation (Ivanti Blog).