CVE-2023-35082

CriticalKnown ExploitedRansomware

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or…

hackerone·CWE-287·Published 2023-08-15

CVSS

9.8

EPSS

1.00

KEV

Yes

Exploits

cve.orgen

260 chars

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.

NVDen

260 chars

NVDes

292 chars

Una vulnerabilidad de omisión de autenticación en Ivanti EPMM 11.10 y versiones anteriores permite a usuarios no autorizados acceder a funciones o recursos restringidos de la aplicación sin la autenticación adecuada. Esta vulnerabilidad es exclusiva de CVE-2023-35078 anunciada anteriormente.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.0	Primary	cve.org	10.0	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
3.0	Primary	cve.org	10.0	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
3.0	Secondary	NVD	10.0	3.9	6.0	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H