VIR Vulnerability Intelligence Relay

CVE-2023-35082

unknown KEV
Published 2024-01-18 · Modified 2024-01-18
CVSS v3
CVSS v2
VIR risk
1.5

Description

Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application.

CISA KEV

Vendor
Ivanti
Product
Endpoint Manager Mobile (EPMM) and MobileIron Core
Due date
2024-02-08

Predictions

Exploit likelihood
99%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older; https://nvd.nist.gov/vuln/detail/CVE-2023-35082

Exploits

References

Verify integrity in audit chain (admin only). AS-IS.