CVE-2023-35082

CVE Database · CVE-2023-35082

CVE-2023-35082

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

100.00%

Published

Aug 15, 2023

Modified

Oct 31, 2025

CISA Known Exploited Vulnerability

Added: 2024-01-18 · Due: 2024-02-08

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (3)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index GitHub PoCChocapikk/CVE-2023-35082★3

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-287

Affected Products (1)

ivanti · endpoint_manager_mobile (up to 11.11.0)vulnerable

References (3)

https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US

Vendor Advisory

https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35082

US Government Resource

KEV Catalog EPSS Scores Vendors All CVEs