Vulnerability feed

Vulnerability

CVE-2023-38035

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2023-38035
Description:: A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
Last updated date:: 08/14/2024

Reports

alt

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 08/21/2023
Reference url to background: https://www.ivanti.com/blog/cve-2023-38035-vulnerability-affecting-ivanti-sentry

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 08/22/2023
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/23/2023
Reference url to background: https://github.com/horizon3ai/CVE-2023-38035

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/24/2023
Reference url to background: https://github.com/LeakIX/sentryexploit

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/12/2023
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ivanti_sentry_misc_log_service.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/27/2024
Reference url to background: http://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html

Vulnerability Feed Contributors About Blog

@inTheWild

©2024 |