CVE-2023-38035

2023-08-2117:15:47

CWE-863

[email protected]

web.nvd.nist.gov

2667

In Wild

cve

2023

38035

mics admin portal

ivanti mobileiron sentry

authentication bypass

security vulnerability

apache httpd configuration

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.975 High

EPSS

Percentile

100.0%

JSON

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

Affected configurations

NVD

Node

ivantimobileiron_sentryRange≤9.18.0

CPENameOperatorVersion
ivanti:mobileiron_sentryivanti mobileiron sentryle9.18.0

CPE	Name	Operator	Version
ivanti:mobileiron_sentry	ivanti mobileiron sentry	le	9.18.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ivanti",
    "product": "MobileIron Sentry",
    "versions": [
      {
        "version": "9.18.0 and below",
        "status": "affected",
        "lessThan": "9.18.0 and below",
        "versionType": "custom"
      }
    ]
  }
]