Ivanti Sentry, formerly known as MobileIron Sentry, is vulnerable to an API authentication bypass on the Sentry administrator interface. A remote and unauthenticated attacker can leverage this vulnerability to gain access to sensitive APIs and achieve OS command execution as the root user on the vulnerable instance.
No source data
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38035
packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html
forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface
forums.ivanti.com/s/article/KB-API-Authentication-Bypass-on-Sentry-Administrator-Interface-CVE-2023-38035?language=en_US
www.horizon3.ai/attack-research/attack-blogs/ivanti-sentry-authentication-bypass-cve-2023-38035-deep-dive/