Description

Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, is vulnerable to API Authentication bypass vulnerability. An attacker could exploit this vulnerability to access users' personally identifiable information and make changes to the server.

Remediation

Upgrade to the latest version of Ivanti EPMM

References

CVE-2023-35078 - Remote Unauthenticated API Access Vulnerability

Related Vulnerabilities

WordPress Plugin WP Human Resource Management Security Bypass (2.2.14)

Drupal Core Security Bypass (8.0.0 - 9.2.21)

WordPress Plugin WP Activity Log Security Bypass (4.0.1)

WordPress Plugin Tabs-Responsive Tabs with WooCommerce Product Tab Extension Security Bypass (3.6.0)

WordPress Plugin YITH WooCommerce Added to Cart Popup Security Bypass (1.3.11)

Severity

High

Classification

CVE-2023-35078 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Tags

Authentication Bypass