COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2023-38035

CVE-2023-38035

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2023-08-22
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-38035
⌖ exploited in the wild shame 80/100 ransomwareexploited-in-wild

Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

Players implicated

Ivanti · vendorSentry · product

Description

Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

Affected FedRAMP products 2 in the catalog

ProductProviderStatusMatch
Ivanti Neurons for ITSM (Formerly Service Manager) Ivanti Authorized vendor-exact · 0.90
Ivanti Neurons for MDM (Formerly MobileIron) Ivanti Authorized vendor-exact · 0.90