← Volver a CVEs
CVE-2023-35082
CRITICALCISA KEV9.8
Descripcion
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado8/15/2023
Ultima modificacion10/31/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorIvanti
ProductoEndpoint Manager Mobile (EPMM) and MobileIron Core
Nombre vulnerabilidadIvanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability
Fecha inclusion KEV2024-01-18
Fecha limite remediacion2024-02-08
Uso en ransomwareKnown
Productos afectados
ivanti:endpoint_manager_mobile
Debilidades (CWE)
CWE-287
Referencias
https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US(support@hackerone.com)
https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35082(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.