Ivanti Endpoint Manager Mobile (EPMM) Remote Unauthenticated API Access Vulnerability (CVE-2023-35082)

Stephen Fewer from Rapid7 has discovered a vulnerability in Ivanti EPMM. The vulnerability was found while researchers were investigating another zero-day vulnerability, CVE-2023-35078. Successful exploitation of the vulnerability may allow an unauthenticated, remote attacker to access the API and user information. CVE-2023-35082 has been given a critical severity rating with a CVSS score of 10. …

Ivanti Endpoint Manager Mobile (EPMM) Remote Arbitrary File Write Vulnerability (CVE-2023-35081)

Ivanti EPMM, formerly MobileIron Core, is facing another zero-day vulnerability, CVE-2023-35081. Successful exploitation of the vulnerability will allow an authenticated administrator to perform arbitrary file writes to the EPMM server. Arbitrary file write (AFW) is a type of vulnerability that can allow attackers to escalate their privileges and even achieve remote code execution (RCE) on …

Ivanti Endpoint Manager Mobile (EPMM) Remote Unauthenticated API Access Vulnerability (CVE-2023-35078)

A zero-day authentication bypass vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM). CVE-2023-35078 has been given a critical severity rating with a CVSS score of 10. Successful exploitation of the vulnerability may allow unauthorized users to access restricted functionality or resources of the application. CISA has added the publicly exploited CVE-2023-35078 to its Known …