Home Ivanti CVE-2023-35078

CRITICAL: THIS VULNERABILITY IS ACTIVELY BEING EXPLOITED IN THE WILD (CISA KEV CATALOG)

CVE-2023-35078

Exploited

Ivanti EPMM - API

Ivanti CVSS 9.8 Updated March 18, 2026

Threat Level CRITICAL

Executive Risk Summary

"An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication, potentially leading to unauthorized data access or modification. This vulnerability can be exploited remotely, making it a high-risk issue that requires immediate attention."

Operational Audit Arsenal

Target Type API

Target Asset Ivanti EPMM API

Standard Path Global Firmware

Manual Verification Required

This is a non-Windows asset (Ivanti). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.

Patch Impact Forecast

Reboot Required Likely

Moderate

Internal Work Notes

CVE-2023-35078: Ivanti EPMM authentication bypass vulnerability - apply security updates to prevent unauthorized access to restricted resources

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability

Official Advisoryhttps://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078

Official Advisoryhttps://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078

Official Advisoryhttps://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability

Official Advisoryhttps://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability

Official Advisoryhttps://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078

Official Advisoryhttps://www.cisa.gov/news-events/alerts/2023/07/24/ivanti-releases-security-updates-endpoint-manager-mobile-epmm-cve-2023-35078

Official Advisoryhttps://www.ivanti.com/blog/cve-2023-35078-new-ivanti-epmm-vulnerability

Official Advisoryhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-35078

Related Ivanti Threats

CVE-2024-11639 CVSS 10

Ivanti Cloud Services Application - Admin Web Console

CVE-2025-22467 CVSS 9.9

Ivanti Connect Secure - Connect Secure

CVE-2023-46808 CVSS 9.9

Ivanti Neurons for ITSM - File Upload Component

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.