CVE-2023-38035

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 21, 2023

Updated: Aug 14, 2024

CWE ID 863

Summary

CVE-2023-38035 is a vulnerability affecting Ivanti MobileIron Sentry versions 9.18.0 and below. This issue lies in the MICS Admin Portal and stems from an Apache HTTPD configuration that is insufficiently restrictive. Attackers can exploit this weakness to bypass authentication controls on the administrative interface, posing a significant risk to system security. Successful exploitation could lead to unauthorized access and potential data breaches. It is highly recommended that users of affected versions upgrade to a patched version as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

MobileIron

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r9gc67
https://www.cve.org/CVERecord?id=CVE-2023-38035
https://nvd.nist.gov/vuln/detail/CVE-2023-38035

Back to Vulnerability Database

CVE-2023-38035

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations