An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
A product requires authentication, but the product has an alternate path or channel that does not require authentication.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Endpoint_manager_mobile | Ivanti | * | 11.12.0.5 (excluding) |
Endpoint_manager_mobile | Ivanti | 12.3.0.0 (including) | 12.3.0.2 (excluding) |
Endpoint_manager_mobile | Ivanti | 12.4.0.0 (including) | 12.4.0.2 (excluding) |
Endpoint_manager_mobile | Ivanti | 12.5.0.0 (including) | 12.5.0.0 (including) |