CVE-2023-35078

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ivantiendpoint_manager_mobile
𝑥
< 11.8.1.1
ivantiendpoint_manager_mobile
11.9.0 ≤
𝑥
< 11.9.1.1
ivantiendpoint_manager_mobile
11.10 ≤
𝑥
< 11.10.0.2
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
ivantiendpoint_manager_mobile
11.10.0.1 ≤
𝑥
< 11.10.0.2
ADP
ivantiendpoint_manager_mobile
11.9.1.0 ≤
𝑥
< 11.9.1.1
ADP
ivantiendpoint_manager_mobile
11.8.1.0 ≤
𝑥
< 11.8.1.1
ADP
ivantiendpoint_manager_mobile
𝑥
≤ 11.8.1.0
ADP
ivantiendpoint_manager_mobile
11.10.0.1 ≤
𝑥
< 11.10.0.2
ADP
ivantiendpoint_manager_mobile
11.9.1.0 ≤
𝑥
< 11.9.1.1
ADP
ivantiendpoint_manager_mobile
11.8.1.0 ≤
𝑥
< 11.8.1.1
ADP
ivantiendpoint_manager_mobile
𝑥
≤ 11.8.1.0
ADP
ivantiendpoint_manager_mobile
11.10.0.1 ≤
𝑥
< 11.10.0.2
ADP
ivantiendpoint_manager_mobile
11.9.1.0 ≤
𝑥
< 11.9.1.1
ADP
ivantiendpoint_manager_mobile
11.8.1.0 ≤
𝑥
< 11.8.1.1
ADP
ivantiendpoint_manager_mobile
𝑥
≤ 11.8.1.0
ADP
ivantiendpoint_manager_mobile
11.10.0.1 ≤
𝑥
< 11.10.0.2
ADP
ivantiendpoint_manager_mobile
11.9.1.0 ≤
𝑥
< 11.9.1.1
ADP
ivantiendpoint_manager_mobile
11.8.1.0 ≤
𝑥
< 11.8.1.1
ADP
ivantiendpoint_manager_mobile
𝑥
≤ 11.8.1.0
ADP
Common Weakness Enumeration
References
https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability
https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078
https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078
https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability
https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability
https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078
https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078
https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35078