High Threat Security Alert (A23-07-22): Vulnerability in Ivanti Endpoint Manager Mobile (MobileIron Core)
26 July 2023
Ivanti has published a security advisory to address a vulnerability in Ivanti Endpoint Manager Mobile. An unauthorised remote attacker with access to specific API paths could access the personal data and other mobile device details for users stored on the vulnerable systems, as well as make other configuration changes such as creating an administrative account for further access to the vulnerable systems. The detailed information about the vulnerability can be found at: https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability
Ivanti has published a security advisory on a critical authentication bypass vulnerability (CVE-2023-35078) in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. As multiple reports indicate that the vulnerability is being actively exploited, you are advised to take immediate action to apply the security updates to address the vulnerability.
Ivanti Endpoint Manager Mobile (MobileIron Core) prior to version 220.127.116.11, 18.104.22.168 and 22.214.171.124
For detailed information of the affected products, please refer to the corresponding security advisory at vendor's website.
Successful exploitation of the vulnerability could lead to information disclosure, security restriction bypass or tampering on an affected system.
Patches for affected products are available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.