QID 730860

Date Published: 2023-07-27

QID 730860: Ivanti Endpoint Manager Mobile (EPMM) Remote Unauthenticated API Access Vulnerability

Ivanti Endpoint Manager Mobile Ivanti EPMM is a mobile management software engine that enables IT to set policies for mobile devices applications and content. This product enables mobile device management mobile application management and mobile content management capabilities.

A vulnerability has been discovered in Ivanti Endpoint Manager Mobile EPMM formerly known as MobileIron Core.

Affected Versions:
This vulnerability impacts all supported versions 11.10, 11.9 and 11.8. Older versions or releases are also at risk.

QID Detection Logic (Unauthenticated):
This QID checks the "Last-Modified" field of HTTP request to detect if the MobileIron Core patch has been applied.

QID Detection Logic (Unauthenticated):
This QID checks the version of MobileIron Sentry from URL "mics/login.jsp"

QID Detection Logic (Unauthenticated):
This QID sends a GET request to "mifs/aad/api/v2/admins/users" and flags if the endpoint is accessible.

Successful exploitation can result in Remote Unauthenticated API Access Vulnerability.

  • CVSS V3 rated as Critical - 9.8 severity.
  • CVSS V2 rated as Critical - 10 severity.
    • Solution
    Ivanti has released an advisory to fix this issue. Refer to Ivanti Advisory Ivanti Security Updates for additional information on obtaining the fixes.
    Vendor References

    CVEs related to QID 730860

    CVE-2023-35078 |
    Software Advisories
    Advisory ID Software Component Link
    CVE-2023-35078 URL Logo forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US
    By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].