CVE-2023-35082
CVE-2023-35082
In short
A flaw in Ivanti EPMM version 11.10 and older lets attackers access protected features and data without logging in. This is a critical security issue because it completely bypasses the login system.
Technical detail
An authentication bypass vulnerability in Ivanti EPMM ≤11.10 allows unauthenticated attackers to gain unauthorized access to restricted functionality and resources. The vulnerability enables direct access to protected application features without valid credentials, resulting in complete compromise of authentication controls and potential data exposure.
Summary generated and translated by AI from the official description.
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Ivanti · EPMMpublic PoCs found — 1
githubgithub.com/Chocapikk/CVE-2023-35082★ 4⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →