Actively exploited in the wild
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability
Ivanti — Endpoint Manager Mobile (EPMM) and MobileIron Core · Listed in the CISA KEV since 2024-01-18. This indicates confirmed attacks in production environments.
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CVE-2023-35082
Critical · CVSS 9.8 · KEV
Exploitation Probability (EPSS)
Very high risk: 100th percentile, higher than 100% of all known CVEs
Summary
CVE-2023-35082 is an authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allowing unauthorized users to access restricted functionality or resources of the application without proper authentication.
Risk Assessment
The risk to the organization is that unauthorized users may gain access to sensitive data or application functions, potentially leading to security breaches.
Recommendation
Update Ivanti EPMM to the latest version to mitigate this vulnerability, and implement additional security measures to protect access to the application.
Original NVD description (English source)
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.

