10
CVE-2023-35082
- EPSS 94.42%
- Veröffentlicht 15.08.2023 16:15:11
- Zuletzt bearbeitet 31.10.2025 21:59:16
- Quelle support@hackerone.com
- CVE-Watchlists
- Unerledigt
LoginAn authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ivanti ≫ Endpoint Manager Mobile Version < 11.11.0
18.01.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability
SchwachstelleIvanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application.
BeschreibungApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 94.42% | 1 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| support@hackerone.com | 10 | 3.9 | 6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.