CVE-2023-35082
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
YesDecision
Descriptions
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.
Una vulnerabilidad de omisión de autenticación en Ivanti EPMM 11.10 y versiones anteriores permite a usuarios no autorizados acceder a funciones o recursos restringidos de la aplicación sin la autenticación adecuada. Esta vulnerabilidad es exclusiva de CVE-2023-35078 anunciada anteriormente.
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-06-13 CVE Reserved
- 2023-08-07 First Exploit
- 2023-08-15 CVE Published
- 2024-01-18 Exploited in Wild
- 2024-02-08 KEV Due Date
- 2024-08-02 CVE Updated
- 2024-11-06 EPSS Updated
CWE
- CWE-287: Improper Authentication
CAPEC
References (2)
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ivanti Search vendor "Ivanti" | Endpoint Manager Mobile Search vendor "Ivanti" for product "Endpoint Manager Mobile" | <= 11.10.0 Search vendor "Ivanti" for product "Endpoint Manager Mobile" and version " <= 11.10.0" | - |
Affected
| ||||||