top of page

Ivanti Endpoint Manger Mobile – Known Exploitation

Updated: Jul 31

CISA releases alert to Ivanti Security update for Endpoint Manager Mobile (EPMM) CVE-2023-35078.


US-based IT software company, Ivanti has patched an actively exploited zero-day authentication bypass vulnerability impacting its Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core).

Ivanti released the security patches for the remote unauthenticated API access vulnerability tracked as CVE-2023-35078 on Sunday.

This vulnerability impacts all supported versions – Version 11.4 releases 11.10, 11.9 and 11.8. Older versions/releases are also at risk. 

This particular vulnerability has received a CVSS score of 10, meaning it is very easy to exploit and does not require particular tools or specialist competency to exploit.


  • Known Exploited Vulnerability



1. CISA Adds One Known Exploited Vulnerability to Catalog. (2023, July 25)

2. Remote Unauthenticated API Access Vulnerability. (2023, July 24)


We're Here to Assist You

CyberForce|Q can assist, our Incident Response Team can be deployed 24x7x365 – reach out to or

9 views0 comments
bottom of page