CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8540
https://notcve.org/view.php?id=CVE-2024-8540
10 Dec 2024 — Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components. Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components. • https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2024-8540 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.6EPSS: 1%CPEs: 1EXPL: 0CVE-2023-41724
https://notcve.org/view.php?id=CVE-2023-41724
31 Mar 2024 — A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network. Una vulnerabilidad de inyección de comandos en Ivanti Sentry anterior a 9.19.0 permite que un actor de amenazas no autenticado ejecute comandos arbitrarios en el sistema operativo subyacente del dispositivo dentro de la misma red física o lógica. • https://forums.ivanti.com/s/article/CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 94%CPEs: 1EXPL: 5CVE-2023-38035 – Ivanti Sentry Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-38035
21 Aug 2023 — A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. Una vulnerabilidad de seguridad en MICS Admin Portal en Ivanti MobileIron Sentry versiones 9.18.0 y anteriores, que puede permitir a un atacante eludir los controles de autenticación en la interfaz administrativa debido a una configuración insuficiente... • https://packetstorm.news/files/id/174643 • CWE-863: Incorrect Authorization •