CVE-2023-35082

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

n authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.

References

Link	Resource
https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US	Vendor Advisory
https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US	Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35082	US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:ivanti:endpoint_manager_mobile:*:*:*:*:*:*:*:*

History

31 Oct 2025, 21:59

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35082 -~~	() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35082 - US Government Resource

21 Oct 2025, 23:16

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35082 -

21 Oct 2025, 20:19

Type	Values Removed	Values Added
References	~~{'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35082', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}~~

21 Oct 2025, 19:20

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35082 -

21 Nov 2024, 08:07

Type	Values Removed	Values Added
References	~~() https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US - Vendor Advisory~~	() https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US - Vendor Advisory

Information

Published : 2023-08-15 16:15

Updated : 2025-10-31 21:59

NVD link : CVE-2023-35082

Mitre link : CVE-2023-35082

CVE.ORG link : CVE-2023-35082

JSON object : View

Products Affected

ivanti

endpoint_manager_mobile

CWE

CWE-287

Improper Authentication

9.8 /10