Описание
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
Ссылки
- Vendor Advisory
- ExploitVendor Advisory
- Third Party AdvisoryUS Government Resource
- Vendor Advisory
- Vendor Advisory
- ExploitVendor Advisory
- Third Party AdvisoryUS Government Resource
- Vendor Advisory
- US Government Resource
Уязвимые конфигурации
Одно из
EPSS
10 Critical
CVSS3
9.8 Critical
CVSS3
Дефекты
Связанные уязвимости
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.
Уязвимость приложения для управления жизненным циклом мобильных устройств и мобильных приложений Ivanti Endpoint Manager Mobile (EPMM) (ранее MobileIron Core), связанная с недостатками процедуры аутентификации, позволяющая нарушителю повысить свои привилегии
EPSS
10 Critical
CVSS3
9.8 Critical
CVSS3