L4sBot

L4sBot

CVE-2023-35078 - Remote Unauthenticated API Access Vulnerability - A vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. This vulnerabilit…::A vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. This vulnerability impacts all supported versions – Version 11.4 releases 11.10, 11.9 and 11.8. Older versions/releases are also at risk. If exploited, this vulnerability enables an unauthorized, remote (internet-facing) actor to potentially access users’ personally identifiable information and make limited changes to the server. We have received information from a credible source indicating exploitation has occurred. We continue to work with our customers and partners to investigate this situation. We are only aware of a very limited number of customers that have been impacted. We are actively working with our customers and partners to investigate this situation. <table class="MsoTable15Grid2Accent3" style="border-collapse: collapse;border: none;"><tbody><tr><td colspan="1" rowspan="1" valign="top" style="border-bottom: 2px solid #c9c9c9;width: 73px;padding: 0in 7px 0in 7px;background-color: white;border-top: none;border-right: none;border-left: none;">CVE</td><td colspan="1" rowspan="1" valign="top" style="border-bottom: 2px solid #c9c9c9;width: 209px;padding: 0in 7px 0in 7px;background-color: white;border-top: none;border-right: none;border-left: none;">Description</td><td colspan="1" rowspan="1" valign="top" style="border-bottom: 2px solid #c9c9c9;width: 53px;padding: 0in 7px 0in 7px;background-color: white;border-top: none;border-right: none;border-left: none;">CVSS</td><td colspan="1" rowspan="1" valign="top" style="border-bottom: 2px solid #c9c9c9;width: 289px;padding: 0in 7px 0in 7px;background-color: white;border-top: none;border-right: none;border-left: none;">Vector</td></tr><tr><td colspan="1" rowspan="1" valign="top" style="border-bottom: 1px solid #c9c9c9;width: 73px;padding: 0in 7px 0in 7px;background-color: #ededed;border-top: none;border-right: 1px solid #c9c9c9;border-left: none;"><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35078" style="color: blue;text-decoration: underline;" target="_blank">CVE-2023-35078</a></td><td colspan="1" rowspan="1" valign="top" style="border-bottom: 1px solid #c9c9c9;width: 209px;padding: 0in 7px 0in 7px;background-color: #ededed;border-top: none;border-right: 1px solid #c9c9c9;border-left: none;">An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.</td><td colspan="1" rowspan="1" valign="top" style="border-bottom: 1px solid #c9c9c9;width: 53px;padding: 0in 7px 0in 7px;background-color: #ededed;border-top: none;border-right: 1px solid #c9c9c9;border-left: none;">10.0</td><td colspan="1" rowspan="1" valign="top" style="border-bottom: 1px solid #c9c9c9;width: 289px;padding: 0in 7px 0in 7px;background-color: #ededed;border-top: none;border-right: none;border-left: none;">AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H</td></tr></tbody></table> Upon learning of the vulnerability, we immediately mobilized resources to fix the problem and have a patch available now. It is critical that you immediately take action to ensure you are fully protected. Read this <a href="https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078" style="color: blue;text-decoration: underline;" target="_blank">Knowledge Base article </a>for detailed information on how to access and apply the remediations. If you have questions or require further support, please log a case and/or request a call in the <a href="https://success.ivanti.com/community_home_page" style="color: blue;text-decoration: underline;" target="_blank">Success Portal</a>. <div> <div> <div class="msocomtxt" id="_com_1"> </div> </div> </div>

CVE-2023-35078 - Remote Unauthenticated API Access Vulnerability - A vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. This vulnerabilit...

CVE-2023-35078 - Remote Unauthenticated API Access Vulnerability - A vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. This vulnerabilit...

Ivanti Community