CVE-2023-35078
CVSS Score
10.0
EPSS Score
0.0%
EPSS Percentile
0th
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.
| Vendor | ivanti |
| Product | endpoint manager mobile |
| Ecosystems | |
| Industries | SecurityNetworking |
| Published | Jul 25, 2023 |
| Last Updated | Oct 21, 2025 |
โ ๏ธ Actively Exploited โ Act Now
Get instant alerts for ivanti endpoint manager mobile
This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2023-35078.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Affected Versions
Ivanti / Endpoint Manager Mobile
All versions affected References
forums.ivanti.com: https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability forums.ivanti.com: https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078 cisa.gov: https://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078 ivanti.com: https://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35078