The security problems facing Ivanti, a provider of software services, have become worse. The company has discovered a new serious zero-day vulnerability that affects Ivanti Sentry (previously MobileIron Sentry) and is being actively exploited in the wild.
Identified as CVE-2023-38035 (CVSS score: 9.8), the flaw is an authentication bypass affecting versions 9.18 and earlier, and is attributed to an insufficiently restrictive Apache HTTPD configuration.
If this vulnerability is exploited, an unauthorised actor may be able to access some sensitive APIs used to configure Ivanti Sentry on the administrator portal (port 8443, often known as MICS), according to the company.