Shockwave | Attack Surface & Continuous Threat Exposure Management, Simplified - Shockwave Attack Surface Management - CVE-2023-35078 Authentication Bypass affecting Ivanti MobileIron

EASM

CVE

●

January 1, 2024

Gal Nagli

CEO

CVE-2023-35078 is a Critical CVE on Ivanti's MobileIron product that allows malicious actors to dump the entire PII, devices and users on the MobileIron system in a matter of a single request.

Critical CVE alert - at shockwave.cloud we have put our hands on a POC for CVE-2023-35078 which is a Critical Authentication Bypass that allows full dump of your MobileIron instances PII in a single request.We already ensured that our customers and bug bounty programs are secured from nation state attacks, even before public POC has been released!if you’re using MobileIron - don’t hesitate to reach out for a free examination - we suggest to patch ASAP.

‍

https://www.linkedin.com/feed/update/urn:li:activity:7089932532464463872/

‍

‍

The security first platform

Supercharge your security

Identify, Secure and Continuously Monitor your Externally Facing Attack Surface.
Significantly Improve your security posture within minutes with an easy, smooth onboarding process.

Get Started