Is anyone else getting a bunch of false positives from this new check? Since the check was released yesterday, it’s showing up all over my environment on machines that have nothing to do with Mobile Iron or Ivanti. For example, we have storage systems and network devices that are giving positive results to the check.
The Proof section is pretty vague. This is from one of my machines, but other machines are pretty identical results-wise.
Running HTTPS service
HTTP GET request to
HTTP response code was 404 but expected 200
HTTP GET request to
HTTP response code was an expected 401
Yes, seeing the same stuff. It seems like this check tries to access a certain URL. If the web service responds with a certain HTTP code (ex 200) then it’s deemed vulnerable. So I’m guessing if an HTTP service redirects this HTTP query and still reports an HTTP code, then IVM deems it vulnerable.
We have identified an issue with the check logic for CVE-2023-35078. We are currently working on rectifying this, and I will provide an update when I can confirm when this is shipping out.
So far, from what I can see, it seems like using the API mifs/aad/api/v2/ping on any webserver will redirect to the device’s default index page, which will then provide a 200/401 response, hence the false positive.
We are experiencing the same detections, which for us are false positives. We don’t use Ivanti EPMM. We have Endpoint Manager but not the Mobile product. I thought the detection would include checks for the core software installed, with the URL check as a secondary, since it would be required to have EPMM core installed to be leveraged.
We’re also seeing these false positives since last week, despite doing a re-scan last night. Which InsightVM content version should we be on to get the updated detection? We have 1.1.2931.
We saw this pop up against our Aruba APs. While we don’t use EPMM in our environment, there was a vulnerability that we found against our APs once we started investigating. It was not flagged by R7… weird… since we patched the APs I have not seen any more EPMM alerts… but maybe it’s a coincidence…
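A URL check that looks only at the status code, as the posts above describe, cannot tell a product endpoint from a host that answers every path the same way. As an added example (not part of the thread and not Rapid7's check logic), this Python code triages a finding by comparing the reply for `mifs/aad/api/v2/ping` with the reply for a made-up control path; the `Resp` type, the control path, the verdict labels and the sample replies are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

PROBE_PATH = "/mifs/aad/api/v2/ping"     # path quoted in the thread
CONTROL_PATH = "/zz-control-7f3a/ping"   # made-up path that should not exist

@dataclass(frozen=True)
class Resp:
    """One HTTP reply, redirects not followed (hypothetical record type)."""
    status: int
    location: str = ""
    body: bytes = b""

def fingerprint(r: Resp) -> tuple:
    # Exact body hash; pages with per-request tokens need a looser comparison.
    return (r.status, r.location, hashlib.sha256(r.body).hexdigest())

def triage(probe: Resp, control: Resp) -> str:
    """probe = reply for PROBE_PATH, control = reply for CONTROL_PATH."""
    if probe.status == 404:
        return "not-found"
    if fingerprint(probe) == fingerprint(control):
        # The host answers any path this way, so the status code carries
        # no information about the product being present.
        return "generic-response"
    return "needs-review"

# Constructed sample replies, not captured from real devices.
SAMPLES = {
    "storage-array": (Resp(302, "/login"), Resp(302, "/login")),
    "access-point": (Resp(401, body=b"auth required"),
                     Resp(401, body=b"auth required")),
    "plain-webserver": (Resp(404, body=b"nope"), Resp(404, body=b"nope")),
    "path-specific": (Resp(200, body=b"pong"), Resp(404, body=b"nope")),
}

def run_samples() -> dict:
    return {host: triage(p, c) for host, (p, c) in SAMPLES.items()}

if __name__ == "__main__":
    for host, verdict in run_samples().items():
        print(f"{host:16} {verdict}")
```

A `generic-response` verdict means the scanner finding should be validated by other means, such as confirming whether the product is installed on the host at all.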