CVE-2023-38035

Scores

EPSS Score

0.9440

CVSS

3.x 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

All CVSS Scores

CVSS 4.0

0.0

CVSS 3.x

9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0

0.0

Description

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

Sources

nvd

CWEs

CWE-863

Related Vulnerabilities

BDU:2023-04838

Exploits

Exploit ID: CVE-2023-38035

Source: cisa

URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Reference Links

http://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html

https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface

http://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html

https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface

Vulnerable Software

Type: Configuration

Vendor: ivanti

Product: mobileiron_sentry

Operating System: * * *

Trait:

{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:a:ivanti:mobileiron_sentry:*:*:*:*:*:*:*:*",
      "versionEndIncluding": "9.18.0",
      "vulnerable": true
    }
  ],
  "operator": "OR"
}

Source: nvd