• caglararli@hotmail.com
  • 05386281520

Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability

Çağlar Arlı      -    42 Views

Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability

Ivanti Endpoint Manager Mobile (EPMM, formerly MobileIron Core) contains an authentication bypass vulnerability (CVE-2023-35078) that allows unauthenticated access to specific API paths and a path traversal vulnerability (CVE-2023-35081). An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes including installing software and modifying security profiles on registered devices.