CVE-2023-38035 (GCVE-0-2023-38035)
Vulnerability from cvelistv5 – Published: 2023-08-21 16:51 – Updated: 2025-10-21 23:05Summary
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
Severity
9.8 (Critical)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
3 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Ivanti | MobileIron Sentry |
Affected:
9.18.0 and below , < 9.18.0 and below
(custom)
|
|
| ivanti | mobileiron_sentry |
Affected:
0 , ≤ 9.18.0
(custom)
cpe:2.3:a:ivanti:mobileiron_sentry:*:*:*:*:*:*:*:* |
CISA
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 3c83e699-090e-4ce6-a3b7-5d27724110f2
Exploited: Yes
Timestamps
First Seen: 2023-08-22
Asserted: 2023-08-22
Scope
Notes: KEV entry: Ivanti Sentry Authentication Bypass Vulnerability | Affected: Ivanti / Sentry | Description: Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-09-12 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2023-38035
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-863 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | Sentry |
| Due Date | 2023-09-12 |
| Date Added | 2023-08-22 |
| Vendorproject | Ivanti |
| Vulnerabilityname | Ivanti Sentry Authentication Bypass Vulnerability |
| Knownransomwarecampaignuse | Known |
References
Created: 2026-02-02 12:26 UTC
| Updated: 2026-02-06 07:17 UTC
Shadowserver
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: b3529e69-23ae-4120-91ad-1af10116481b
Exploited: Yes
Characteristics
Severity:
98.0
Timestamps
First Seen: 2023-10-14
Asserted: 2023-10-14
Last Seen: 2023-10-14
Scope
Asset Exposure: ['internet-facing']
Notes: Affected: Ivanti / Sentry | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2023-10-03: 6
Evidence
Type: Honeypot
Signal: In The Wild Attempts
Confidence: 70%
Source: shadowserver
Details
| 1D | 1 |
|---|---|
| Iot | no |
| Feed | Shadowserver Foundation honeypot/exploited-vulnerabilities |
| Type | http-scan |
| Class | other-software |
| 7D Avg | 0 |
| Vendor | Ivanti |
| 30D Avg | 0 |
| 90D Avg | 0 |
| Product | Sentry |
| Cisa Kev | yes |
| Connections | 6 |
| Observation Date | 2023-10-03 |
| Vulnerability Class | CVSS |
| Vulnerability Score | 9.8 |
| Vulnerability Severity | Critical |
References
Created: 2026-06-30 09:59 UTC
| Updated: 2026-06-30 15:15 UTC
KEVIntel
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 9541f16e-377f-4411-815f-37c4f57661f8
Exploited: Yes
Timestamps
First Seen: 2023-08-22
Asserted: 2023-08-22
Scope
Notes: KEVIntel entry: A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass... | Affected: Ivanti / MobileIron Sentry | CVSS: 9.8 (CRITICAL) | EPSS: 0.99949 | Used in malware: yes | Not yet in CISA KEV: False
Evidence
Type: Public Report
Signal: Confirmed Compromise
Confidence: 70%
Source: kevintel
Details
| Feed | KEVIntel (kevintel.com) |
|---|---|
| Title | A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass... |
| Vendor | Ivanti |
| Product | MobileIron Sentry |
| Added Date | 2023-08-22T00:00:00.000Z |
| Cvss Score | 9.8 |
| Epss Score | 0.99949 |
| Cvss Severity | CRITICAL |
| Epss Percentile | 0.99972 |
| Used In Malware | yes |
| Ahead Of Cisa Kev | None |
| Not Yet In Cisa Kev | False |
References
Created: 2026-06-23 14:05 UTC
| Updated: 2026-06-23 14:05 UTC
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ivanti:mobileiron_sentry:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mobileiron_sentry",
"vendor": "ivanti",
"versions": [
{
"lessThanOrEqual": "9.18.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-38035",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T03:55:31.632449Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-08-22",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38035"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:40.307Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38035"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-22T00:00:00.000Z",
"value": "CVE-2023-38035 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:12.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MobileIron Sentry",
"vendor": "Ivanti",
"versions": [
{
"lessThan": "9.18.0 and below",
"status": "affected",
"version": "9.18.0 and below",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration."
}
],
"providerMetadata": {
"dateUpdated": "2023-09-13T17:06:24.335Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface"
},
{
"url": "http://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2023-38035",
"datePublished": "2023-08-21T16:51:20.678Z",
"dateReserved": "2023-07-12T01:00:11.880Z",
"dateUpdated": "2025-10-21T23:05:40.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2023-38035",
"cwes": "[\"CWE-863\"]",
"dateAdded": "2023-08-22",
"dueDate": "2023-09-12",
"knownRansomwareCampaignUse": "Known",
"notes": "https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2023-38035",
"product": "Sentry",
"requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"shortDescription": "Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.",
"vendorProject": "Ivanti",
"vulnerabilityName": "Ivanti Sentry Authentication Bypass Vulnerability"
},
"epss": {
"cve": "CVE-2023-38035",
"date": "2026-06-30",
"epss": "0.99949",
"percentile": "0.99972"
},
"fkie_nvd": {
"cisaActionDue": "2023-09-12",
"cisaExploitAdd": "2023-08-22",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Ivanti Sentry Authentication Bypass Vulnerability",
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ivanti:mobileiron_sentry:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"9.18.0\", \"matchCriteriaId\": \"D4028148-D123-4F9A-9785-8489CE5DBC8A\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. \"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de seguridad en MICS Admin Portal en Ivanti MobileIron Sentry versiones 9.18.0 y anteriores, que puede permitir a un atacante eludir los controles de autenticaci\\u00f3n en la interfaz administrativa debido a una configuraci\\u00f3n insuficientemente restrictiva de Apache HTTPD .\"}]",
"id": "CVE-2023-38035",
"lastModified": "2024-12-20T17:50:25.653",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2023-08-21T17:15:47.457",
"references": "[{\"url\": \"http://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html\", \"source\": \"support@hackerone.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface\", \"source\": \"support@hackerone.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-38035\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2023-08-21T17:15:47.457\",\"lastModified\":\"2026-06-17T06:09:16.930\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de seguridad en MICS Admin Portal en Ivanti MobileIron Sentry versiones 9.18.0 y anteriores, que puede permitir a un atacante eludir los controles de autenticaci\u00f3n en la interfaz administrativa debido a una configuraci\u00f3n insuficientemente restrictiva de Apache HTTPD .\"}],\"affected\":[{\"source\":\"support@hackerone.com\",\"affectedData\":[{\"vendor\":\"Ivanti\",\"product\":\"MobileIron Sentry\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"9.18.0 and below\",\"lessThan\":\"9.18.0 and below\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"affectedData\":[{\"vendor\":\"ivanti\",\"product\":\"mobileiron_sentry\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:ivanti:mobileiron_sentry:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"0\",\"lessThanOrEqual\":\"9.18.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-07-16T03:55:31.632449Z\",\"id\":\"CVE-2023-38035\",\"options\":[{\"exploitation\":\"active\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"cisaExploitAdd\":\"2023-08-22\",\"cisaActionDue\":\"2023-09-12\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Ivanti Sentry Authentication Bypass Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ivanti:mobileiron_sentry:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.18.0\",\"matchCriteriaId\":\"D4028148-D123-4F9A-9785-8489CE5DBC8A\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface\",\"source\":\"support@hackerone.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38035\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T17:30:12.367Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-38035\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-16T03:55:31.632449Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-08-22\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38035\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ivanti:mobileiron_sentry:*:*:*:*:*:*:*:*\"], \"vendor\": \"ivanti\", \"product\": \"mobileiron_sentry\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.18.0\"}], \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-08-22T00:00:00+00:00\", \"value\": \"CVE-2023-38035 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38035\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863 Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-16T11:07:16.277Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Ivanti\", \"product\": \"MobileIron Sentry\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.18.0 and below\", \"lessThan\": \"9.18.0 and below\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface\"}, {\"url\": \"http://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.\"}], \"providerMetadata\": {\"orgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"shortName\": \"hackerone\", \"dateUpdated\": \"2023-09-13T17:06:24.335Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-38035\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:05:40.307Z\", \"dateReserved\": \"2023-07-12T01:00:11.880Z\", \"assignerOrgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"datePublished\": \"2023-08-21T16:51:20.678Z\", \"assignerShortName\": \"hackerone\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…