CVE-2023-35082 - Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability

: Ivanti | Endpoint Manager Mobile (EPMM) and MobileIron Core

Date Added:
2024-01-18

Due Date:
2024-02-08

Vulnerability Name: Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability

Description: Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application.

Known To Be Used in Ransomware Campaigns?: Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes: https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older; https://nvd.nist.gov/vuln/detail/CVE-2023-35082

Related News Articles: Hackers use PoC exploits in attacks 22 minutes after releaseJuly 13, 2024

Free online web security scanner

Don't show website scan report rating on the leaderboard