{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T19:36:09.103","vulnerabilities":[{"cve":{"id":"CVE-2023-35078","sourceIdentifier":"support@hackerone.com","published":"2023-07-25T07:15:10.897","lastModified":"2025-10-31T21:58:35.650","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication."},{"lang":"es","value":"Una vulnerabilidad de omisión de autenticación en Ivanti EPMM permite a usuarios no autorizados acceder a funciones o recursos restringidos de la aplicación sin la autenticación adecuada."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"cisaExploitAdd":"2023-07-25","cisaActionDue":"2023-08-15","cisaRequiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability","weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*","versionEndExcluding":"11.8.1.1","matchCriteriaId":"7C48786C-399D-4B0C-8082-64112C4DA5C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*","versionStartIncluding":"11.9.0","versionEndExcluding":"11.9.1.1","matchCriteriaId":"50C1A12C-5862-48B6-ADA3-4222516DA152"},{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*","versionStartIncluding":"11.10","versionEndExcluding":"11.10.0.2","matchCriteriaId":"76DAE9E0-15F0-40AB-8D03-E64423AD0E07"}]}]}],"references":[{"url":"https:\/\/forums.ivanti.com\/s\/article\/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability","source":"support@hackerone.com","tags":["Vendor Advisory"]},{"url":"https:\/\/forums.ivanti.com\/s\/article\/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078","source":"support@hackerone.com","tags":["Exploit","Vendor Advisory"]},{"url":"https:\/\/www.cisa.gov\/news-events\/alerts\/2023\/07\/24\/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078","source":"support@hackerone.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"https:\/\/www.ivanti.com\/blog\/cve-2023-35078-new-ivanti-epmm-vulnerability","source":"support@hackerone.com","tags":["Vendor Advisory"]},{"url":"https:\/\/forums.ivanti.com\/s\/article\/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https:\/\/forums.ivanti.com\/s\/article\/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"https:\/\/www.cisa.gov\/news-events\/alerts\/2023\/07\/24\/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"https:\/\/www.ivanti.com\/blog\/cve-2023-35078-new-ivanti-epmm-vulnerability","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35078","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}