Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Ivanti EPMM API Authentication bypass (CVE-2023-35078/CVE-2023-35082) - Vulnerability Database

Ivanti EPMM API Authentication bypass (CVE-2023-35078/CVE-2023-35082)

Description

Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, is vulnerable to API Authentication bypass vulnerability. An attacker could exploit this vulnerability to access users' personally identifiable information and make changes to the server.

Remediation

Upgrade to the latest version of Ivanti EPMM

References

CVE-2023-35078 - Remote Unauthenticated API Access Vulnerability
CVE-2023-35082 - Remote Unauthenticated API Access Vulnerability
CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability

Related Vulnerabilities

Wing FTP Server RCE (CVE-2025-47812) Critical
Common tags: Authentication Bypass Known Vulnerabilities
URL rewrite vulnerability Medium
Common tags: Authentication Bypass Known Vulnerabilities
AppWeb Authentication Bypass (CVE-2018-8715) High
Common tags: Authentication Bypass Known Vulnerabilities
Apache OFBiz Authentication Bypass (CVE-2023-51467) Critical
Common tags: Authentication Bypass Known Vulnerabilities
Apache OFBiz RCE (CVE-2024-32113/CVE-2024-36104/CVE-2024-38856) Critical
Common tags: Authentication Bypass Known Vulnerabilities

Severity

High

Classification

CVE-2023-35078
CVE-2023-35082
CWE-287
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Tags

Authentication Bypass
Known Vulnerabilities