Описание
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-35078
- https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability
- https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35078
- https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078
- https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability
Связанные уязвимости
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
Уязвимость приложения для управления жизненным циклом мобильных устройств и мобильных приложений Ivanti Endpoint Manager Mobile (EPMM) (ранее MobileIron Core), связанная с недостатками процедуры аутентификации, позволяющая нарушителю повысить свои привилегии