Description
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Affected products
- Ivanti / Endpoint Manager Mobile12.5.0.1 – 12.5.0.1
Exploits & PoCs
- nucleiIvanti Endpoint Manager Mobile - Unauthenticated Remote Code Executionby iamnoooob,rootxharsh,parthmalhotra,pdresearch