Back to KEVs

CVE-2023-35082

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of...

Basic Information

CVE State
PUBLISHED
Reserved Date
June 13, 2023
Published Date
August 15, 2023
Last Updated
February 04, 2025
Vendor
Ivanti
Product
EPMM
Description
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.
Tags
cisa malware ransomware nuclei_scanner edge nessus_scanner

CVSS Scores

CVSS v3.0

10.0 - CRITICAL

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2025-05-05 00:00:00 UTC) Source
Proof of Concept Available
Yes (added 2023-08-04 16:25:24 UTC) Source
Used in Malware
Yes (added 2024-01-18 00:00:00 UTC) Source

References

https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US

Known Exploited Vulnerability Information

Source Added Date
CISA 2024-01-18 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-35082.yaml 2025-04-26 00:00:00 UTC
Nessus https://www.tenable.com/plugins/nessus/179335 2023-08-03 22:22:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

Chocapikk/CVE-2023-35082

Type: github • Created: 2023-08-04 16:25:24 UTC • Stars: 3

Remote Unauthenticated API Access Vulnerability in MobileIron Core 11.2 and older

Timeline

  • CVE ID Reserved

  • Detected by Nessus

  • Proof of Concept Exploit Available

  • CVE Published to Public

  • Exploit Used in Malware

  • Added to KEVIntel

  • Detected by Nuclei