Main Vulnerability Database Exploits ID:11877 - Exploit for Improper Authentication in Endpoint Manager Mobile (formerly MobileIron Core) - CVE-2023-35078

ID:11877 - Exploit for Improper Authentication in Endpoint Manager Mobile (formerly MobileIron Core) - CVE-2023-35078

Published: August 22, 2025

Vulnerability identifier: #VU78625

Vulnerability risk: Critical

CVE-ID: CVE-2023-35078

CWE-ID: CWE-287

Exploitation vector: Remote access

Vulnerable software:
Endpoint Manager Mobile (formerly MobileIron Core)

Link to public exploit:

https://github.com/0nsec/CVE-2023-35078

Vulnerability description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an unspecified error in the authentication process. A remote attacker can bypass authentication and gain unauthorized access to the application.

Note, the vulnerability is being actively exploited in the wild as per Ivanti customers. The company at the moment did not comment on the incident and concealed all information about this vulnerability.

Remediation

Install updates from vendor's website.

ID:11877 - Exploit for Improper Authentication in Endpoint Manager Mobile (formerly MobileIron Core) - CVE-2023-35078

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human