Ivanti Sentry Vulnerabilities

22 August 2023

Ivanti confirmed a vulnerability in its Sentry product (MobileIron Sentry). Ivanti has released security remediation for the affected versions using a RPM script.

CVE-2023-38035 (CVSS 3.1: 9.8) is an authentication bypass vulnerability that allows unauthorized users to access sensitive APIs that are used to configure Ivanti Sentry on the administrator panel. This exploit is used if the port 8443 is exposed to the internet.

Affected Products

Ivanti Sentry version 9.18 and earlier

Security Updates

Ivantie confirmed that exploits of CVE-2023-38035 have been observed and that all devices should be updated as soon as possible and then use the RPM scripts available for the supported scripts.

More information from Ivanti, link