CVE-2023-38035 – Ivanti Sentry Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-38035
A security vulnerability in the MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
• https://github.com/mind2hex/CVE-2023-38035
• https://github.com/horizon3ai/CVE-2023-38035
• http://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html
• https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface
• CWE-863: Incorrect Authorization
CVE-2021-3540 – Ivanti MobileIron Core clish Restricted Shell Escape via Argument Injection
https://notcve.org/view.php?id=CVE-2021-3540
By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.
• https://www.rapid7.com/blog/post/2021/06/02/untitled-cve-2021-3198-and-cve-2021-3540-mobileiron-shell-escape-privilege-escalation-vulnerabilities
• CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2021-3198 – Ivanti MobileIron Core clish Restricted Shell Escape via OS Command Injection
https://notcve.org/view.php?id=CVE-2021-3198
By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.
• https://www.rapid7.com/blog/post/2021/06/02/untitled-cve-2021-3198-and-cve-2021-3540-mobileiron-shell-escape-privilege-escalation-vulnerabilities
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')