CISA: Ivanti Releases Security Updates for Endpoint Manager Mobile (EPMM) CVE-2023-35078
Ivanti Releases Security Updates for Endpoint Manager Mobile (EPMM) CVE-2023-35078
A vulnerability discovered in Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes, including creating an EPMM administrative account that can make further changes to a vulnerable system.
Ivanti reports that they have received information from a credible source indicating active exploitation of this vulnerability.
This vulnerability (CVE-2023-35078) affects supported EPMM versions 11.10, 11.9, and 11.8. Older, unsupported versions are also affected.
Ivanti has released patches and provided support resources for customers. CISA urges users and organizations to review Ivanti’s Security Advisory and Knowledge Base Article (customer login required) and apply the necessary patches.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.