20240119003 & K.E.V. Template update (#472)

* 20240117004

* 20240117006

* 20240119003 plus KEV template update

---------

Co-authored-by: Joshua Hitchen (DGov) <[email protected]>

docs/advisories/20240119003-Ivanti-Critical-Security-Advisory.md

@@ -0,0 +1,30 @@
+# Ivanti EPMM and MobileIron Core added to CISA Known Exploited Catalog - 20240119003
+
+## Overview
+
+Ivanti have released a critical security advisory relating to a vulnerability impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core. The risk of exploitation depends on the individual customer’s configurations.
+
+
+## What is vulnerable?
+
+| Product(s) Affected | CVE | Severity | CVSS
+| --- | --- |--- | --- |
+| Ivanti Endpoint Manager Mobile (EPMM) 11.8, 11.9, 11.10 | [CVE-2023-35082](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35082) | **Critical** | 10 |
+| MobileIron Core 11.7 and below | [CVE-2023-35082](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35082) | **Critical** | 10 |
+
+
+## What has been observed?
+
+CISA added this vulnerabilty in their [Known Exploited Vulnerabilties](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) catalog. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 Hours...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- <https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US>
+
+
+### Additional Resources
+
+- CISA "CVE-2023-35082 Detail": <https://nvd.nist.gov/vuln/detail/CVE-2023-35082>

docs/markdown-templates/advisory-KnownExploited.md

@@ -2,31 +2,28 @@
 
 ## Overview
 
-The default server implementation of several TIBCO Software Inc.'s products contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system.
+Ivanti have released a critical security advisory relating to a vulnerability impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core. The risk of exploitation depends on the individual customer’s configurations.
 
-The impact of this vulnerability includes the theoretical possibility that a web server using the provided DefaultWebResourceHandler could expose details of the host system. The disclosed data could include credentials to access other systems.
-
-## What is the vulnerability?
-
-[**CVE-XXXX-XXXXX**](https://www.cve.org/CVERecord?id=CVE-XXXX-XXXXX) - CVSS v3 Base Score: ***X.X***
 
 ## What is vulnerable?
 
-The vulnerability exists in the following products:
+| Product(s) Affected | CVE | Severity | CVSS
+| --- | --- |--- | --- |
+| Ivanti Endpoint Manager Mobile (EPMM) 11.8, 11.9, 11.10 | [CVE-2023-35082](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CCVE-2023-35082) | **Critical** | 10 |
+| MobileIron Core 11.7 and below | [CVE-2023-35082](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CCVE-2023-35082) | **Critical** | 10 |
 
-- TIBCO JasperReports Library versions **6.3.4 and below**
-- TIBCO JasperReports Library versions **6.4.1, 6.4.2, and 6.4.21**
-- TIBCO JasperReports Library version **7.1.0**
 
 ## What has been observed?
 
-CISA added this vulnerabilty in their [Known Exploited Vulnerabilties](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) catalog on *date...*. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+CISA added this vulnerabilty in their [Known Exploited Vulnerabilties](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) catalog. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
 
 ## Recommendation
 
 The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 Hours...* (refer [Patch Management](../guidelines/patch-management.md)):
 
-- <Vendor URL Here>
+- <https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US>
+
 
 ### Additional Resources
 

docs/markdown-templates/zzOLD-advisory-KnownExploited-OLD.md

@@ -0,0 +1,33 @@
+# (Vulnerability) added to CISA Known Exploited Catalog - 2024MMDD###
+
+## Overview
+
+The default server implementation of several TIBCO Software Inc.'s products contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system.
+
+The impact of this vulnerability includes the theoretical possibility that a web server using the provided DefaultWebResourceHandler could expose details of the host system. The disclosed data could include credentials to access other systems.
+
+## What is the vulnerability?
+
+[**CVE-XXXX-XXXXX**](https://www.cve.org/CVERecord?id=CVE-XXXX-XXXXX) - CVSS v3 Base Score: ***X.X***
+
+## What is vulnerable?
+
+The vulnerability exists in the following products:
+
+- TIBCO JasperReports Library versions **6.3.4 and below**
+- TIBCO JasperReports Library versions **6.4.1, 6.4.2, and 6.4.21**
+- TIBCO JasperReports Library version **7.1.0**
+
+## What has been observed?
+
+CISA added this vulnerabilty in their [Known Exploited Vulnerabilties](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) catalog on *date...*. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 Hours...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- <Vendor URL Here>
+
+### Additional Resources
+
+-