Actively exploited in the wild
Ivanti Sentry Authentication Bypass Vulnerability
Ivanti — Sentry · Listed in the CISA KEV since 2023-08-22. This indicates confirmed attacks in production environments.
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CVE-2023-38035
Critical · CVSS 9.8 · KEV
Exploitation Probability (EPSS): Very high risk · 100th percentile (higher than 100% of all known CVEs)
Summary
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
Risk Assessment
This vulnerability could lead to unauthorized access to the administrative interface, posing a serious threat to the organization's data security.
Recommendation
Upgrade to the latest version of Ivanti MobileIron Sentry, and review and strengthen the Apache HTTPD configuration to secure the administrative interface.
Original NVD description (English source)
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

