CVE-2023-35078

This PoC exploits CVE-2023-35078, an unauthenticated API access vulnerability in Ivanti Endpoint Manager Mobile (EPMM). It checks for vulnerable versions and extracts user data via an insecure API endpoint.

This Go-based PoC exploits CVE-2023-35078, an unauthenticated API access vulnerability in Ivanti MobileIron. It checks for vulnerable versions (≤11.4) and extracts user data via an insecure endpoint.

This repository contains a Bash script to check if a target Ivanti EPMM (formerly MobileIron Core) instance is vulnerable to CVE-2023-35078 by examining version and copyright information. It does not exploit the vulnerability but helps identify potentially vulnerable systems.

This is a Python-based proof-of-concept exploit for CVE-2023-35078, targeting Ivanti MobileIron Core's unauthenticated API access vulnerability. It extracts sensitive user data by exploiting improper authentication validation in the `/mifs/aad/api/v2/authorized/users` endpoint.

This repository contains only a README describing an Nmap script for exploiting CVE-2023-35078, but no actual exploit code is provided. The README instructs users to save a script file and run it with Nmap, but the script itself is missing.

This PoC checks for the presence of CVE-2023-35078, an information disclosure vulnerability in Ivanti Endpoint Manager Mobile (EPMM). It sends a GET request to a specific endpoint and checks if the response status code is 200, indicating potential vulnerability.

This script checks for the presence of CVE-2023-35078 by querying the `/mifs/aad/api/v2/ping` endpoint of Ivanti EPMM. It verifies vulnerability by checking the response for a `vspVersion` field, indicating an info leak.