Ivanti Sentry Vulnerabilities
22 August 2023
Ivanti confirmed a vulnerability in its Sentry product (MobileIron Sentry). Ivanti has released security remediation for the affected versions using a RPM script.
CVE-2023-38035 (CVSS 3.1: 9.8) is an authentication bypass vulnerability that allows unauthorized users to access sensitive APIs that are used to configure Ivanti Sentry on the administrator panel. This exploit is used if the port 8443 is exposed to the internet.
Affected Products
Ivanti Sentry version 9.18 and earlier
Security Updates
Ivantie confirmed that exploits of CVE-2023-38035 have been observed and that all devices should be updated as soon as possible and then use the RPM scripts available for the supported scripts.
More information from Ivanti, link