SB2023072510 - Authentication bypass in Ivanti Endpoint Manager Mobile (formerly MobileIron Core)
Published: July 25, 2023 Updated: August 22, 2025
Security Bulletin ID
SB2023072510
Severity
Critical
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Authentication (CVE-ID: CVE-2023-35078)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an unspecified error in the authentication process. A remote attacker can bypass authentication and gain unauthorized access to the application.
Note, the vulnerability is being actively exploited in the wild as per Ivanti customers. The company at the moment did not comment on the incident and concealed all information about this vulnerability.
Remediation
Install update from vendor's website.