FortiGuard
Fortinet’s Global Threat Intelligence and Research
Pwalia
Staff
Staff
Article Id 269815

 

Description

Ivanti Endpoint Manager Mobile (EPMM, formerly MobileIron Core) contains an authentication bypass vulnerability (CVE-2023-35078) that allows unauthenticated access to specific API paths and a path traversal vulnerability (CVE-2023-35081). An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes including installing software and modifying security profiles on registered devices.

CVEs

CVE-2023-35081', 'CVE-2023-35078

Severity

High

Posted On

Aug 10, 2023

Outbreak Report Link

https://www.fortiguard.com/outbreak-alert/ivanti-epmm-authentication-bypass

 

Contributors