CVE-2023-35082

Ivanti | Endpoint Manager Mobile (EPMM) and MobileIron CoreAdded 2024-01-18Remediation Deadline 2024-02-08Active Ransomware Campaign

Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability

Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weakness Classification

CWE-287

References

https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older
https://nvd.nist.gov/vuln/detail/CVE-2023-35082

Cybersecurity Alerts

CVE-2023-35082

Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability

Required Action

Weakness Classification

References