Improper Authentication in Endpoint Manager Mobile (formerly MobileIron Core) - CVE-2023-35078
Published: July 25, 2023 / Updated: August 22, 2025
Vulnerability identifier: #VU78625
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2023-35078
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: Ivanti
Affected software:
Endpoint Manager Mobile (formerly MobileIron Core)
Endpoint Manager Mobile (formerly MobileIron Core)
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an unspecified error in the authentication process. A remote attacker can bypass authentication and gain unauthorized access to the application.
Note, the vulnerability is being actively exploited in the wild as per Ivanti customers. The company at the moment did not comment on the incident and concealed all information about this vulnerability.
How to mitigate CVE-2023-35078
Install updates from vendor's website.