CVE-2023-35082

CRITICAL 10.0

⚠️ CISA KEV

CVSS Score

10.0

EPSS Score

0.0%

EPSS Percentile

0th

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.

Vendor	ivanti
Product	epmm
Ecosystems	VPN Networking
Industries	SecurityNetworking
Published	Aug 15, 2023
Last Updated	Oct 21, 2025

⚠️ Actively Exploited — Act Now

Get instant alerts for ivanti epmm

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2023-35082.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Versions

Ivanti / EPMM

11.10 ≤ 11.10

References

NVD ↗ CVE.org ↗ EPSS Data ↗

forums.ivanti.com: https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35082