CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Sep 12, 2023
High
CISA KEVRansomwareCVE-2023-38035
Ivanti—Sentry
Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
Required Action
https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2023-38035
Vulnerability Overview
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Known
- Published
- Aug 22, 2023
- KEV Added
- Aug 22, 2023
- Due Date
- Sep 12, 2023
- Related Articles
- 0
Vendor
Ivanti
Sentry