Dashboard Vulnerabilities Scan

로그인 가입

VulnIntel

개인정보처리방침 이용약관 데이터 라이선스

© 2026 VulnIntel. All rights reserved.

CVE-2023-38035 | VulnIntel — VulnIntel

CVE-2023-38035

CVE-2023-38035

CRITICAL

KEV

Ransomware

Exploit

설명

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

Score Summary

CVSS Score: 9.8
Version: 3.1
Risk Score: 9.90
Attack Vector: 네트워크 공격
낮은 복잡도
권한 불필요
사용자 상호작용 불필요
범위 변경 없음
기밀성 영향 높음
무결성 영향 높음
가용성 영향 높음

Details

Published: 08/21/2023(3 years ago)
Modified: 10/31/2025(7 months ago)
Source: KEV, NVD
Products: 1

CISA KEV Listing

Ransomware

Vendor / Project: Ivanti
Product: Sentry

Date Added: 08/22/2023
Due Date: 09/12/2023Overdue 979d

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vulnerability Lifecycle

NVDPublished08/21/2023
CISA KEVKEV Listed08/22/2023
CISA KEV

CWE Weakness Classification

CWE-863
NVD
Secondary

References (3)

NVD
Exploit
http://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html
NVD
Advisory
https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface
NVD

Affected Products (1)

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

StatusAnalyzed

Due Date

09/12/2023

NVDLast Modified10/31/2025

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38035

Vulnerabilities