SB2023080417 - Improper Authentication in Ivanti Endpoint Manager Mobile
Published: August 4, 2023
Security Bulletin ID
SB2023080417
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Authentication (CVE-ID: CVE-2023-30578)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests. A remote attacker can access users’ personally identifiable information and make limited changes to the server.
Remediation
Install update from vendor's website.
References
- https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US
- https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078?language=en_US
- https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability