clayton@site:~/news$ cat cve-2023-35082-ivanti-endpoint-manager-mobile-epmm-and-mobileiron-core.log

CVE-2023-35082 — Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability

2024-01-18 • CISA Known Exploited Vulnerability

[event] Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application.

> AFFECTED SOFTWARE

Field	Value
Vendor	Ivanti
Product	Endpoint Manager Mobile (EPMM) and MobileIron Core
CWE	CWE-287
CVE ID	CVE-2023-35082
Date Added	2024-01-18
Due Date	2024-02-08
Ransomware Campaign	Known — this vulnerability has been leveraged in ransomware campaigns

> MITIGATION

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date: 2024-02-08

> REFERENCES

[1] https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Ac...
[2] https://nvd.nist.gov/vuln/detail/CVE-2023-35082