Start Free with Advance Plan

AppTrana Overview

AppTrana

Billing

CDN

Dashboard

Detect page

Protect page

Monitor page

API Scan Coverage for OWASP Top 10

Whitelist Vulnerabilities on the AppTrana WAAP

API Request to Purge CDN Data

Analysis page - Attack Trend Visualisation

Advanced Behavioral DDoS

BOT Protection

Asset Discovery

Customize Application Behavior with Bot Score

Restricted Admin User

Self Service Rules

Configuring Custom Error Page in AppTrana

Enabling SIEM Integration

API Discovery Feature

SwyftComply

Analysis page - Access Trend Visualization

Manage WAAP Email Alerts

Enable and Configure Single Sign-On

WAF Automated Bypass and Unbypass

False Positive Analysis Report on WAAP

Dashboard

Overview

Detect

Protect

Monitor

Analysis

Settings

Manage

Profile

Add Application

Change Plan

How to Connect Your SIEM to AppTrana

Indusface Partner APIs

Process of Mapping Alias Domain

Apptrana Protection WAF Rules Coverage

AppTrana API Protection - OWASP Top 10 of 2019

SAML Integration with Azure for Single Sign-On

Onboard into Indusface WAS

Summary

Dashboard

Malware Monitoring[MM]

Application Audit[AA]

Vulnerability Assessment[VA]

Reports

Settings

Asset Monitoring

New Reporting Structure

Summary & Dashboard

Reports and Settings

Website Settings

AcuRisQ – Risk Management with Advanced Risk Scoring

WAS Consulting License

API Key Based - Scan Log Export

WAS Defacement Checks

SIEM Integration with Sumo Logic

Indusface WAS Scanned Vulnerabilities

Create new user

Access Total Application Security – BYOL

Configuring Total Application Security - BYOL

Access Total Application Security on AWS Marketplace

Configure Total Application Security

Deployment Modes

Apptrana Login after TAS Configuration

Total Application Security Instance Guidance Manual

Routing Change

Total Application Security AMI SSL Configuration

Total Application Security Reference Architectures for AWS Deployment

Prerequisites for OVF, SaaS, Marketplace, and BYOL deployments

OVF Onboarding

Putty Installation

Indusface Product Newsletter - October 2021

Indusface Product Newsletter- April 2021

Indusface Product Newsletter-January21

Indusface Product Newsletter - June 20

Indusface Product Newsletter - October 19

Indusface Product Newsletter - August 19

Product Newsletter of May 19

Product Newsletter of March 19

Product Newsletter of January 19

WAF Portal Revamp June 18

Product Newsletter of July 18

Product Newsletter of May 18

Product Newsletter of March 18

Product Newsletter of February 18

Product Newsletter of January 18

Indusface Product Newsletter - March 2022

Indusface Product Newsletter - February 2023

Indusface Product Newsletter- October 2022

Vulnerability Report of May 23

Vulnerability Report of March 23

Vulnerability Report of August 23

Vulnerability Report of July 23

Vulnerability Report of April 23

Vulnerability Report of November 23

Vulnerability Report of June 23

Vulnerability Report of December 23

Vulnerability Report of February 23

Vulnerability Report of January 23

Vulnerability Report of September 23

Vulnerability Report of October 23

CRS vs. Zero Day Vulnerability - December 2016

CRS vs. Zero Day Vulnerability - November 2016

CRS vs. Zero Day Vulnerability - October 2016

CRS vs Zero Day Vulnerability - September 2016

CRS Vs Zero Day Vulnerabilities - August 2016

Vulnerability report for Apr 3rd - Apr 9th 17

Vulnerability report for April 17th - Apr 23rd 17

Vulnerability report of April 10th - April 16th

Vulnerability report for Mar 20th - Mar 26th

Vulnerability report for Mar 13th - Mar 19th

Vulnerability report for 27th Feb - 5th Mar

Vulnerability report for Mar 27th - Apr 2nd

Vulnerability report for Mar 6th - Mar 12th

Vulnerability report for 30th Jan - 19th Feb

Vulnerability report from 16th Jan - 29th Jan

Vulnerabilities detected from 2nd Jan - 8th Jan

Vulnerability Report of December 17

Vulnerability Report of November 17

Vulnerability Report of August 17

Vulnerability Report of September 17

Vulnerability Report of October 17

Vulnerability Report of July 17

Vulnerability Report of June 17

Vulnerability Report of May 17

Vulnerability Report of December 18

Vulnerability Report of November 18

Vulnerability Report of October 18

Vulnerability Report of September 18

Vulnerability Report of August 18

Vulnerability Report of July 18

Vulnerability Report of June 18

Vulnerability Reports of May 18

Vulnerability Report of April 18

Vulnerability Report of March 18

Vulnerability Report of February 18

Vulnerability Report of January 18

Vulnerability Report of December 19

Vulnerability Report of November 19

Vulnerability Report of October 19

Vulnerability Report of September 19

Vulnerability Report of August 19

Vulnerability Report of July 19

Vulnerability Report of June 19

Vulnerability Report of May 19

Vulnerability Report of April 19

Vulnerability Report of March 19

Vulnerability Report of February 19

Vulnerability Report of January 19

Vulnerability Report of December 20

Vulnerability Report of November 20

Vulnerability Report of October 20

Vulnerability Report of Sep 20

Vulnerability Report of July 20

Vulnerability Report of June 20

Vulnerability Report of May 20

Vulnerability Report of April 20

Vulnerability Report of March 20

Vulnerability Report of February 20

Vulnerability Report of January 20

Vulnerability Report of November 21

Vulnerability Report of October 21

Vulnerability Report of September 21

Vulnerability Report of August 21

Vulnerability Report of July 21

Vulnerability Report of June 21

Vulnerability Report of May 21

Vulnerability Report of April 21

Vulnerability Report of March 21

Vulnerability Report of February 21

Vulnerability Report of January 21

Vulnerability Report of December 21

Vulnerability Report of January 22

Vulnerability Report of February 22

Vulnerability Report of March 22

Vulnerability Report of April 22

Vulnerability Report of May 22

Vulnerability Report of June 22

Vulnerability Report of July 22

Vulnerability Report of August 22

Vulnerability Report of September 22

Vulnerability Report of October 22

Vulnerability Report of November 22

Zero-Day Vulnerability Report - December 2022

Vulnerability Report of February 2024

Vulnerability Report of January 2024

Vulnerability Report of March 2024

Critical Apache OFBiz Zero-day AuthBiz (CVE-2023-49070 and CVE-2023-51467)

ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708)

CVE-2024-1071 – Critical Vulnerability in Ultimate Member WordPress Plugin

Oracle WebLogic Server Deserialization

ApacheStructs_VG

Apache Struts 2 Vulnerability CVE-2023-50164 Exposed

Unpacking the Zimbra Cross-Site Scripting Vulnerability(CVE-2023-37580)

Adobe ColdFusion Vulnerabilities Exploited in the Wild

Remote Unauthenticated API Access Vulnerabilities in Ivanti

Multiple Moveit Transfer Vulnerabilities

HTTP/2 Rapid Reset Attack Vulnerability

Apache log4j RCE vulnerability

Reported Vulnerabilities on Ivanti
CVE-2023-35078
Active Exploitations
CVE-2023-35082
Prevention and Mitigation:
AppTrana WAAP Threat Coverage
References

All Categories
Security Bulletin

Remote Unauthenticated API Access Vulnerabilities in Ivanti

Remote Unauthenticated API Access Vulnerabilities in Ivanti

Updated 8 months ago by Rama Sadhu

Reported Vulnerabilities on Ivanti
CVE-2023-35078
Active Exploitations
CVE-2023-35082
Prevention and Mitigation:
AppTrana WAAP Threat Coverage
References

Ivanti has warned users of its Endpoint Manager Mobile (EPMM) mobile device management (MDM) platform, urging immediate actions to address two vulnerabilities – including a zero-day exploit.

These vulnerabilities can potentially be exploited by an unauthorized attacker, leading to unauthorized access to sensitive data and the execution of malicious actions on the affected system.

Reported Vulnerabilities on Ivanti

Formerly known as MobileIron Core, Ivanti Endpoint Manager Mobile (EPMM) is a management platform that provides organizations with the means to manage mobile devices, including smartphones and tablets.

As of now, Ivanti has disclosed two vulnerabilities:

CVE-2023-35078 (July 24, 2023)
CVE-2023-35082 (August 2, 2023

CVE-2023-35078

Severity: Critical

CVSSv3.1: Base Score: 10.0 CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSSv2: Base Score: 9.3 HIGH

Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Exploit available in public: Yes.

Exploit complexity: Low

CVE-2023-35078 is a remote unauthenticated API access vulnerability that affects Ivanti EPMM. An unauthorized attacker can potentially exploit this vulnerability to gain unauthorized access to sensitive data and perform malicious actions on the affected system.

Successful exploitation of this vulnerability could lead to various security risks, including but not limited to:

Unauthorized access to sensitive information stored within Ivanti EPMM.
Execution of unauthorized administrative actions, potentially compromising the integrity and availability of your data and resources
Unintended disclosure of confidential data to unauthorized parties

All supported versions, including Version 11.4 with its releases 11.10, 11.9, and 11.8, are affected by this vulnerability. Furthermore, this issue also extends to product versions that no longer receive support.

In response to the identified vulnerability, Ivanti promptly released patches for versions 11.8.1.1, 11.9.1.1, and 11.10.0.2

For EPMM Unsupported Releases (<11.8.1.0), Ivanti highly recommends upgrading to the latest version of EPMM; if you cannot upgrade, apply an RPM fix.

Active Exploitations

Ivanti has confirmed instances of CVE-2023-35078 being exploited in real-world scenarios, impacting a "very limited number of customers." Further validating this, the Norwegian National Security Authority (NSM) has affirmed the utilization of CVE-2023-35078 to breach a government-operated software platform.

In parallel, the CISA also issued an advisory regarding the vulnerability, incorporating it into their Known Exploited Vulnerabilities (KEV) list.

CVE-2023-35082

Severity: Critical

CVSSv3.1: Base Score: 10.0 CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSSv2: Base Score: 9.3 HIGH

Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Exploit available in public: Yes.

Exploit complexity: Low

CVE-2023-35082 is another remote unauthenticated API access vulnerability that affects Mobilelron Core versions 11.2 and older. Like CVE-2023-35078, this vulnerability can enable a remote unauthenticated attacker to access API endpoints on a publicly exposed management server, utilizing them for diverse operations.

The vulnerability was incidentally resolved in MobileIron Core 11.3 as part of work on a product bug.

MobileIron Core 11.2 has been out of support since March 15, 2022.

Prevention and Mitigation:

Without delay, apply the relevant updates provided by Ivanti to vulnerable systems, following proper testing.

Employ vulnerability scanning to identify possible software vulnerabilities that require mitigation.

Implement the Principle of Least Privilege across all systems and services. Running software with non-administrative privileges helps minimize the impact of a successful attack.

AppTrana WAAP Threat Coverage

AppTrana customers are protected from these vulnerabilities from Day 0.

Apart from the patches provided by the vendor, AppTrana WAAP offers additional protection patterns that can serve as an extra layer of defense against potential exploits.

To ensure the security of our customers, Indusface managed security team developed the rules to generate Ivanti-related alerts and block attempts to exploit.

Rule ID	Name
99901	Remote Unauthenticated API Access Vulnerability (CVE-2023-35078)

References

Advisory:https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US

Advisory:https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US

Patch:https://forums.ivanti.com/s/article/KB-Remote-unauthenticated-API-access-vulnerability-CVE-2023-35078?language=en_US

Table of Contents

Remote Unauthenticated API Access Vulnerabilities in Ivanti

Reported Vulnerabilities on Ivanti

CVE-2023-35078

Active Exploitations

CVE-2023-35082

Prevention and Mitigation:

AppTrana WAAP Threat Coverage

References

How did we do?

Adobe ColdFusion Vulnerabilities Exploited in the Wild

Multiple Moveit Transfer Vulnerabilities

You might also want to read

Adobe ColdFusion Vulnerabilities Exploited in the Wild

Critical Apache OFBiz Zero-day AuthBiz (CVE-2023-49070 and CVE-2023-51467)

Apptrana Protection WAF Rules Coverage

Table of Contents

Reported Vulnerabilities on Ivanti

CVE-2023-35078

Active Exploitations

CVE-2023-35082

Prevention and Mitigation:

AppTrana WAAP Threat Coverage

References

How did we do?

Adobe ColdFusion Vulnerabilities Exploited in the Wild

Multiple Moveit Transfer Vulnerabilities

You might also want to read

Adobe ColdFusion Vulnerabilities Exploited in the Wild

Critical Apache OFBiz Zero-day AuthBiz (CVE-2023-49070 and CVE-2023-51467)

Apptrana Protection WAF Rules Coverage

Contact