Vulnerability Description
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ivanti | Endpoint Manager Mobile | < 11.8.1.1 |
Related Weaknesses (CWE)
References
- https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-acVendor Advisory
- https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulneraExploitVendor Advisory
- https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updaThird Party AdvisoryUS Government Resource
- https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerabilityVendor Advisory
- https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-acVendor Advisory
- https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulneraExploitVendor Advisory
- https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updaThird Party AdvisoryUS Government Resource
- https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerabilityVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-US Government Resource
FAQ
What is CVE-2023-35078?
CVE-2023-35078 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
How severe is CVE-2023-35078?
CVE-2023-35078 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-35078?
Check the references section above for vendor advisories and patch information. Affected products include: Ivanti Endpoint Manager Mobile.