PT-2023-9264 · Ivanti · Ivanti Endpoint Manager Mobile

Published 2023-08-02 · Updated 2026-05-08 · CVE-2023-35082

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Ivanti Endpoint Manager Mobile (EPMM) versions 11.10 and older

Description

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is being actively exploited, giving attackers access to data. The U.S. CISA has warned of this flaw and urges action, especially for government agencies.

Recommendations

For Ivanti Endpoint Manager Mobile (EPMM) versions 11.10 and older:

As a temporary workaround, consider disabling the vulnerable authentication mechanism until a patch is available.
Restrict access to the affected API endpoints to minimize the risk of exploitation.
Apply patches as soon as they are available to fix the authentication bypass vulnerability.

Note: Since the provided information does not specify a fixed version, it is essential to check the official Ivanti website for the latest patches and updates.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2024-05798
CVE-2023-35082

Affected Products

Ivanti Endpoint Manager Mobile