First published: Tue Aug 15 2023(Updated: )
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.
Credit: support@hackerone.com support@hackerone.com support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
Ivanti Endpoint Manager Mobile | <=11.10.0 | |
Ivanti Endpoint Manager Mobile | =11.10 | |
Ivanti Endpoint Manager Mobile | =11.9 | |
Ivanti Endpoint Manager Mobile | =11.8 | |
MobileIron Core | =11.7 and below | |
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2023-35082 is an authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allowing unauthorized users to access restricted functionality or resources without proper authentication.
CVE-2023-35082 has a severity score of 9.8, indicating it is critical.
Ivanti Endpoint Manager Mobile version 11.10.0 and older is affected by CVE-2023-35082.
Unauthorized users can exploit CVE-2023-35082 by bypassing authentication and gaining access to restricted functionality or resources.
Ivanti EPMM users should upgrade to a version newer than 11.10.0 to mitigate the authentication bypass vulnerability.