CVE-2023-38035

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 21, 2023

Updated: Dec 20, 2024

CWE ID 863

Summary

CVE-2023-38035 is a newly disclosed vulnerability affecting Ivanti MobileIron Sentry versions 9.18.0 and below. The issue lies in the MICS Admin Portal's Apache HTTPD configuration, which is deemed insufficiently restrictive. An attacker can exploit this weakness to bypass authentication controls on the administrative interface, putting sensitive data at risk. This vulnerability poses a significant threat to organizations using outdated Ivanti MobileIron Sentry versions and emphasizes the importance of timely software updates and secure configurations.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Ivanti Software Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r9gc67
https://www.cve.org/CVERecord?id=CVE-2023-38035
https://nvd.nist.gov/vuln/detail/CVE-2023-38035

Back to Vulnerability Database

CVE-2023-38035

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations