Vulnerability in Ivanti Endpoint Manager Mobile: Tenable
Technology for You
A vulnerability has been discovered in Ivanti Endpoint Manager Mobile that allows unauthenticated access to specific API paths. Exploiting this vulnerability grants attackers access to usersâ personally identifiable information (PII) on vulnerable systems, including names, phone numbers, and other mobile device details. Additionally, attackers can carry out other configuration changes, even creating an administrative account within EPMM to make further modifications to the system. Ivanti has reported that a credible source has provided information regarding active exploitation of this vulnerability. To safeguard our system and the sensitive data it holds, we must take swift action.

With patches available for this flaw, organisations that utilise Ivanti Endpoint Manager Mobile (formerly MobileIron Core) should apply these patches immediately.
Link: https://www.technologyforyou.org/vulnerability-in-ivanti-endpoint-manager-mobile-tenable/