Ivanti MobileIron API Access Flaw let Attackers Access Sensitive Information

by Esmeralda McKenzie

There’s a well-known vulnerability in Ivanti’s MobileIron Core 11.2 version that could enable a malicious actor to gain unauthorized access to restricted functionality.

MobileIron Core is an Ivanti product that allows customers to securely manage the lifecycle of mobile devices and mobile applications.

It’s a combination of MDM (Mobile Device Management), MAM (Mobile Application Management), and MCM (Mobile Content Management).

CVE-2023-35082: Remote Unauthenticated API Access Flaw

This authentication bypass vulnerability exists in MobileIron Core versions earlier than 11.2. An unauthenticated attacker can exploit this vulnerability and gain access to restricted functionalities or resources of the application.

Ivanti marked the CVSS score for this vulnerability as 10.0 (Critical). However, the official score and vector are yet to be confirmed.

Affected Products & Fixed in Version

MobileIron Core 11.2 has been out of support since March 15, 2022, as noted by Ivanti. Hence, no patches will be released for this vulnerability.

To fix this vulnerability, customers are urged to upgrade to the latest version of Ivanti Endpoint Manager Mobile (EPMM).

Ivanti also credited Stephen Fewer from Rapid7 for reporting this vulnerability. Many product vulnerabilities are identified after the product has reached an end-of-support period in which the vendor no longer issues patches.

Ivanti’s MobileIron Core versions below 11.8.1.0 were recently found to have a 0-day vulnerability, which enabled remote unauthenticated API access.

This vulnerability was identified as CVE-2023-35078, but Ivanti acted quickly and released security patches to address the issue.

On Friday, CISA issued a warning about the exploitation of vulnerabilities in Ivanti EPMM (formerly known as MobileIron Core).

It’s crucial to stay alert and take precautions to protect yourself and your devices from potential threats.

It’s a best practice for organizations to keep track of their software versions and upgrade them periodically to avoid exploitation by threat actors.

Source credit : cybersecuritynews.com
