#VU78625 Improper Authentication in Endpoint Manager Mobile (formerly MobileIron Core) - CVE-2023-35078
Published: July 25, 2023 / Updated: August 22, 2025
Vulnerability identifier: #VU78625
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2023-35078
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Endpoint Manager Mobile (formerly MobileIron Core)
Endpoint Manager Mobile (formerly MobileIron Core)
Software vendor:
Ivanti
Ivanti
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an unspecified error in the authentication process. A remote attacker can bypass authentication and gain unauthorized access to the application.
Note, the vulnerability is being actively exploited in the wild as per Ivanti customers. The company at the moment did not comment on the incident and concealed all information about this vulnerability.
Remediation
Install updates from vendor's website.