CVE-2023-35078 : IVANTI ENDPOINT MANAGER MOBILE UP TO 11.10 IMPROPER AUTHENTICATION

Description

Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.

References

https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability

https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078

https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078

https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability

For More Information

MITRE

Contact us to get started

CVE-2024-22144 : ELI SCHEETZ ANTI-MALWARE SECURITY AND BRUTE-FORCE FIREWALL PLUGIN CODE INJECTION

Description Improper Control of Generation of Code (‘Code Injection’) vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows

Learn more

CVE-2024-26922 : LINUX KERNEL UP TO 6.9-RC4 AMDGPU PRIVILEGE ESCALATION

Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more

Learn more

CVE-2024-21511 : MYSQL2 UP TO 3.9.6 READCODEFOR TIMEZONE CODE INJECTION

Description Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the

Learn more