CVE-2023-35082 - Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability
Project:Ivanti
Product:Endpoint Manager Mobile (EPMM) and MobileIron Core
Date Added:2024-01-18Due Date:2024-02-08
Vulnerability Name
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability
Description
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older
https://nvd.nist.gov/vuln/detail/CVE-2023-35082
Related News Articles
Hackers use PoC exploits in attacks 22 minutes after releaseJuly 13, 2024