Stephen Fewer from Rapid7 has discovered a vulnerability in the Ivanti EPMM. The vulnerability was found when the researchers were investigating another zero-day vulnerability CVE-2023-35078. Successful exploitation of the vulnerability may allow an unauthenticated, remote attacker to access the API and user information. CVE-2023-35082 has been given the critical severity rating with a CVSS score 10. … Continue reading “Ivanti Endpoint Manager Mobile (EPMM) Remote Unauthenticated API Access Vulnerability (CVE-2023-35082)”