Ivanti EPMM API Authentication bypass (CVE-2023-35078/CVE-2023-35082) - Vulnerability Database

Ivanti EPMM API Authentication bypass (CVE-2023-35078/CVE-2023-35082)

Description

Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, contains an authentication bypass vulnerability in its API layer that allows unauthenticated remote attackers to access protected API endpoints. This critical flaw (CVE-2023-35078 and CVE-2023-35082) enables attackers to bypass authentication mechanisms entirely, gaining unauthorized access to sensitive administrative functions and user data without requiring valid credentials.

Remediation

Immediately upgrade Ivanti EPMM to a patched version that addresses CVE-2023-35078 and CVE-2023-35082. For CVE-2023-35078, upgrade to EPMM version 11.10.0.3, 11.9.1.2, or 11.8.1.3 or later. For CVE-2023-35082, upgrade to version 11.3.0.1 or later if running MobileIron Core 11.2 or older. Until patching is complete, implement network-level access controls to restrict API access to trusted IP addresses only, monitor API logs for suspicious unauthenticated access attempts, and review recent configuration changes and user data access for signs of compromise. Consult Ivanti's security advisories for version-specific upgrade paths and additional mitigation guidance.