CVE-2023-38035

Vulnerability updated 2 months ago (2024-11-29T14:20:18.229Z)
CVE-2023-38035 is a critical vulnerability in Ivanti's Sentry software, formerly known as MobileIron Sentry. The flaw is rated 9.8 on the CVSS scale and affects versions 9.18 and earlier of the product. It was identified by cybersecurity company mnemonic and stems from an insufficiently restrictive Apache HTTPD configuration, which allows threat actors to bypass API authentication and gain access to sensitive Sentry administrator interface APIs. One month after the vulnerability was discovered, hackers began exploiting it in limited and targeted attacks. CVE-2023-38035 was a third zero-day flaw in Ivanti's Sentry software and was used to bypass API authentication on vulnerable devices. Exploitation has serious implications, including unauthorized access to sensitive information and potential disruption of services. Protection against this threat is provided by the Check Point IPS blade. However, given the severity of the vulnerability, organizations using affected versions of Ivanti's Sentry software are strongly advised to apply patches or updates as soon as they become available. In the meantime, additional security measures such as monitoring network traffic and restricting access to sensitive APIs can help mitigate the risk.
Description last updated: 2024-03-17T13:17:26.057Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ivanti
Vulnerability