CVE Catalog

Actively exploited in the wild

Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability

Ivanti — Endpoint Manager Mobile (EPMM) and MobileIron Core · Listed in the CISA KEV since 2024-01-18. This indicates confirmed attacks in production environments.

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CVE-2023-35082

Critical · CVSS 9.8 · KEV

Exploitation Probability (EPSS)

Very high risk
100.00%

100th percentile — higher than 100% of all known CVEs

Summary

CVE-2023-35082 is an authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allowing unauthorized users to access restricted functionality or resources of the application without proper authentication.

Risk Assessment

The risk to the organization is that unauthorized users may gain access to sensitive data or application functions, potentially leading to security breaches.

Recommendation

Update Ivanti EPMM to the latest version to mitigate this vulnerability, and implement additional security measures to protect application access.

Original NVD description (English source)

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS