CVE-2023-38035
Ivanti Sentry Authentication Bypass Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
YesDecision
Descriptions
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
Una vulnerabilidad de seguridad en MICS Admin Portal en Ivanti MobileIron Sentry versiones 9.18.0 y anteriores, que puede permitir a un atacante eludir los controles de autenticaciĆ³n en la interfaz administrativa debido a una configuraciĆ³n insuficientemente restrictiva de Apache HTTPD .
Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
CVSS Scores
SSVC
- Decision:Act
Timeline
- 2023-07-12 CVE Reserved
- 2023-08-21 CVE Published
- 2023-08-22 Exploited in Wild
- 2023-08-23 First Exploit
- 2023-09-12 KEV Due Date
- 2024-08-02 CVE Updated
- 2024-10-30 EPSS Updated
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (4)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://github.com/mind2hex/CVE-2023-38035 | 2023-09-05 | |
https://github.com/horizon3ai/CVE-2023-38035 | 2023-08-23 | |
http://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html | 2024-08-02 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ivanti Search vendor "Ivanti" | Mobileiron Sentry Search vendor "Ivanti" for product "Mobileiron Sentry" | <= 9.18.0 Search vendor "Ivanti" for product "Mobileiron Sentry" and version " <= 9.18.0" | - |
Affected
|