Remote Unauthenticated API Access Vulnerability

Imechapishwa: Aug 11, 2023 12:45

Advisory No:

Source:

Software Affected:

Overview

Description

Advisory No: TZCERT/SA/2023/08/11

Date of First Release: 11th August 2023

Source: Ivanti

Overview:

Ivanti has released security patches to address a critical vulnerability affecting multiple versions of Ivanti End Point Manager Mobile (EPMM). This vulnerability could allow an attacker to obtain sensitive information and take control of an affected system.

Description:

Ivanti End Point Manager Mobile (EPMM) formerly known as MobileIron Core affected by a remote unauthenticated API Access vulnerability. The vulnerability allows an authenticated attacker to access restricted functionality or resources of the application without proper authentication.

Impact:

Successful exploitation of this vulnerability allows an attacker to take control of an affected system.

Solution:

Ivanti has released security patches for this vulnerability. Users and Administrators are encouraged to apply necessary updates.

Reference:

  1. https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US
  2. https://www.rapid7.com/blog/post/2023/08/02/cve-2023-35082-mobileiron-core-unauthenticated-api-access-vulnerability/

Impact

Solution

References

Subscribe To TZ - CERT Newsletter

A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.

Subscribe
Ripoti Tukio