Ivanti Endpoint Manager Mobile (EPMM) ships a mobile device management server that is vulnerable to both a critical authentication bypass and a directory traversal vulnerability (the advisory describes the two being chained together). Both bugs are reachable through the system's API. Several protected API routes can be prefixed with “/mifs/aad” to bypass authentication and remotely download PII from the server; for example, the route “/mifs/aad/api/v2/authorized/users” lists the users and administrators on the EPMM device. Endpoint defenses, such as EDR, should detect this technique and prevent the requests from completing normally.
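As an added detection example (not part of the advisory and not Ivanti's code), the Python rule below scans web-server access-log lines for requests whose path falls under the “/mifs/aad/” prefix quoted above and reports whether the server actually served each one. The Combined Log Format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (Combined Log Format); not captured from
# any real EPMM appliance. 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Aug/2023:14:02:11 +0000] "GET /mifs/aad/api/v2/authorized/users HTTP/1.1" 200 5120 "-" "curl/8.1.0"
203.0.113.5 - - [10/Aug/2023:14:02:14 +0000] "GET /mifs/aad/api/v2/authorized/users?limit=500 HTTP/1.1" 200 98230 "-" "curl/8.1.0"
198.51.100.7 - - [10/Aug/2023:14:03:00 +0000] "GET /mifs/api/v2/authorized/users HTTP/1.1" 401 84 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Aug/2023:14:04:22 +0000] "GET /mifs/login.jsp HTTP/1.1" 200 2231 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Unauthenticated path prefix named in the advisory text above.
BYPASS_PREFIX = "/mifs/aad/"


def normalize_path(target: str) -> str:
    """Drop the query string, percent-decode and collapse repeated slashes so
    trivially different spellings of the same path hit the same rule."""
    path = unquote(urlsplit(target).path)
    return re.sub(r"/{2,}", "/", path)


def detect_bypass(log_text: str) -> list:
    """Return one finding per request under /mifs/aad/. 'succeeded' is True when
    the server answered 2xx, i.e. the unauthenticated request was served rather
    than rejected, which is the case an EDR or WAF rule should block."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-access-log line
        path = normalize_path(m["target"])
        if not path.startswith(BYPASS_PREFIX):
            continue
        status = int(m["status"])
        findings.append({
            "ip": m["ip"],
            "timestamp": m["ts"],
            "path": path,
            "status": status,
            "succeeded": 200 <= status < 300,
        })
    return findings
```

Feed the rule the appliance's real access log in place of `SAMPLE_LOG`; any finding with `succeeded` set indicates the bypass was served and warrants incident response.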