Security News > 2024 > January > U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability

U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability
2024-01-19 04:55

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core to its Known Exploited Vulnerabilities (KEV) catalog, stating it's being actively exploited in the wild. The vulnerability in question is CVE-2023-35082 (CVSS score: 9.8), an authentication bypass


News URL

https://thehackernews.com/2024/01/us-cybersecurity-agency-warns-of.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-08-15 CVE-2023-35082 Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
network
low complexity
ivanti CWE-287
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ivanti 27 0 51 157 75 283