Description

Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, is vulnerable to API Authentication bypass vulnerability. An attacker could exploit this vulnerability to access users' personally identifiable information and make changes to the server.

Remediation

Upgrade to the latest version of Ivanti EPMM

References

CVE-2023-35078 - Remote Unauthenticated API Access Vulnerability

CVE-2023-35082 - Remote Unauthenticated API Access Vulnerability

CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability

Related Vulnerabilities

OpenSSL Incomplete Cleanup Vulnerability (CVE-2022-1473)

XOOPS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-7290)

ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9126)

MediaWiki Improper Access Control Vulnerability (CVE-2015-8008)

Ruby on Rails Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-2097)

Severity

High

Classification

CVE-2023-35078 CVE-2023-35082 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Tags

Authentication Bypass Known Vulnerabilities