A security vulnerability in the MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below may allow a malicious user to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
Vulnerable Product |
---|
ivanti mobileiron sentry |
Good thing you're not exposing admin port 8443 to the world, right? Uh, right?
A critical authentication bypass bug in MobileIron Sentry has been exploited in the wild, its maker Ivanti said in an advisory on Monday. This vulnerability, tracked as CVE-2023-38035, is a 9.8-of-10 flaw in terms of CVSS severity, and strictly speaking lies within Ivanti Sentry, formerly known as MobileIron Sentry. This is a gateway that manages and encrypts traffic between an organization's mobile devices and back-end systems. Exploitation of this vuln may result in an intruder gaining control...