CVE-2023-38035

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
Configurations

Configuration 1 (hide)

cpe:2.3:a:ivanti:mobileiron_sentry:*:*:*:*:*:*:*:*

History

27 Jun 2024, 18:48

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html - () http://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry

13 Sep 2023, 18:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html -

24 Aug 2023, 21:13

Type Values Removed Values Added
References (MISC) https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface - (MISC) https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-863
CPE cpe:2.3:a:ivanti:mobileiron_sentry:*:*:*:*:*:*:*:*
First Time Ivanti
Ivanti mobileiron Sentry

21 Aug 2023, 18:35

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-21 17:15

Updated : 2024-08-14 15:29


NVD link : CVE-2023-38035

Mitre link : CVE-2023-38035

CVE.ORG link : CVE-2023-38035


JSON object : View

Products Affected

ivanti

  • mobileiron_sentry
CWE
CWE-863

Incorrect Authorization