A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface | Vendor Advisory |
Configurations
History
27 Jun 2024, 18:48
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry |
13 Sep 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Aug 2023, 21:13
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface - Vendor Advisory | |
CWE | CWE-863 | |
First Time |
Ivanti
Ivanti mobileiron Sentry |
|
CPE | cpe:2.3:a:ivanti:mobileiron_sentry:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
21 Aug 2023, 18:35
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-21 17:15
Updated : 2024-08-14 15:29
NVD link : CVE-2023-38035
Mitre link : CVE-2023-38035
CVE.ORG link : CVE-2023-38035
JSON object : View
Products Affected
ivanti
- mobileiron_sentry
CWE
CWE-863
Incorrect Authorization