Vulnerability-Lookup

BDU:2023-04168

Vulnerability from fstec - Published: 25.07.2023

Title

Уязвимость приложения для управления жизненным циклом мобильных устройств и мобильных приложений Ivanti Endpoint Manager Mobile (EPMM) (ранее MobileIron Core), связанная с недостатками процедуры аутентификации, позволяющая нарушителю повысить свои привилегии

Description

Уязвимость приложения для управления жизненным циклом мобильных устройств и мобильных приложений Ivanti Endpoint Manager Mobile (EPMM) (ранее MobileIron Core) связана с недостатками процедуры аутентификации. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, повысить свои привилегии

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vendor

Ivanti

Software Name

Ivanti Endpoint Manager Mobile

Software Version

11.10 (Ivanti Endpoint Manager Mobile), 11.9 (Ivanti Endpoint Manager Mobile), 11.8 (Ivanti Endpoint Manager Mobile)

Possible Mitigations

Обновление программного обеспечения до актуальной версии

Reference

https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US https://cisoclub.ru/hakery-vzlomali-12-ministerstv-norvegii-cherez-0-day-ujazvimost-v-po-ivanti/

CWE

CWE-287

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Ivanti",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "11.10 (Ivanti Endpoint Manager Mobile), 11.9 (Ivanti Endpoint Manager Mobile), 11.8 (Ivanti Endpoint Manager Mobile)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "25.07.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.07.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.07.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-04168",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-35078",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ivanti Endpoint Manager Mobile",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0436\u0438\u0437\u043d\u0435\u043d\u043d\u044b\u043c \u0446\u0438\u043a\u043b\u043e\u043c \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0438 \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Ivanti Endpoint Manager Mobile (EPMM) (\u0440\u0430\u043d\u0435\u0435 MobileIron Core), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f (CWE-287)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0436\u0438\u0437\u043d\u0435\u043d\u043d\u044b\u043c \u0446\u0438\u043a\u043b\u043e\u043c \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0438 \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Ivanti Endpoint Manager Mobile (EPMM) (\u0440\u0430\u043d\u0435\u0435 MobileIron Core) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US\nhttps://cisoclub.ru/hakery-vzlomali-12-ministerstv-norvegii-cherez-0-day-ujazvimost-v-po-ivanti/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-287",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)"
}

CVE-2023-35078 (GCVE-0-2023-35078)

Vulnerability from cvelistv5 – Published: 2023-07-25 06:08 – Updated: 2025-10-21 23:05

Summary

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.

Severity ?

10 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-287 - Improper Authentication

Assigner

hackerone

References

URL

Tags

	https://forums.ivanti.com/s/article/CVE-2023-3507…
	https://forums.ivanti.com/s/article/KB-Remote-una…
	https://www.cisa.gov/news-events/alerts/2023/07/2…
	https://www.ivanti.com/blog/cve-2023-35078-new-iv…

Impacted products

	Vendor	Product	Version
	Ivanti	Endpoint Manager Mobile	Unaffected: 11.10 , ≤ 11.10 (semver) Unaffected: 11.9 , ≤ 11.9 (semver) Unaffected: 11.8 , ≤ 11.8 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "endpoint_manager_mobile",
            "vendor": "ivanti",
            "versions": [
              {
                "lessThan": "11.10.0.2",
                "status": "affected",
                "version": "11.10.0.1",
                "versionType": "semver"
              },
              {
                "lessThan": "11.9.1.1",
                "status": "affected",
                "version": "11.9.1.0",
                "versionType": "semver"
              },
              {
                "lessThan": "11.8.1.1",
                "status": "affected",
                "version": "11.8.1.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "11.8.1.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "endpoint_manager_mobile",
            "vendor": "ivanti",
            "versions": [
              {
                "lessThan": "11.10.0.2",
                "status": "affected",
                "version": "11.10.0.1",
                "versionType": "semver"
              },
              {
                "lessThan": "11.9.1.1",
                "status": "affected",
                "version": "11.9.1.0",
                "versionType": "semver"
              },
              {
                "lessThan": "11.8.1.1",
                "status": "affected",
                "version": "11.8.1.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "11.8.1.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "endpoint_manager_mobile",
            "vendor": "ivanti",
            "versions": [
              {
                "lessThan": "11.10.0.2",
                "status": "affected",
                "version": "11.10.0.1",
                "versionType": "semver"
              },
              {
                "lessThan": "11.9.1.1",
                "status": "affected",
                "version": "11.9.1.0",
                "versionType": "semver"
              },
              {
                "lessThan": "11.8.1.1",
                "status": "affected",
                "version": "11.8.1.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "11.8.1.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "endpoint_manager_mobile",
            "vendor": "ivanti",
            "versions": [
              {
                "lessThan": "11.10.0.2",
                "status": "affected",
                "version": "11.10.0.1",
                "versionType": "semver"
              },
              {
                "lessThan": "11.9.1.1",
                "status": "affected",
                "version": "11.9.1.0",
                "versionType": "semver"
              },
              {
                "lessThan": "11.8.1.1",
                "status": "affected",
                "version": "11.8.1.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "11.8.1.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-35078",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-12-09T05:05:16.354948Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-07-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35078"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-287",
                "description": "CWE-287 Improper Authentication",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:42.374Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35078"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-07-25T00:00:00.000Z",
            "value": "CVE-2023-35078 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:23:57.598Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Endpoint Manager Mobile",
          "vendor": "Ivanti",
          "versions": [
            {
              "lessThanOrEqual": "11.10",
              "status": "unaffected",
              "version": "11.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.9",
              "status": "unaffected",
              "version": "11.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.8",
              "status": "unaffected",
              "version": "11.8",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-28T19:30:31.171Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability"
        },
        {
          "url": "https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078"
        },
        {
          "url": "https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078"
        },
        {
          "url": "https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-35078",
    "datePublished": "2023-07-25T06:08:38.441Z",
    "dateReserved": "2023-06-13T01:00:11.783Z",
    "dateUpdated": "2025-10-21T23:05:42.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2023-04168

CVE-2023-35078 (GCVE-0-2023-35078)

Tags

Sightings

Nomenclature