CVE-2023-38035

Description

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

NVD
Severity: CRITICAL
CVE ID: CVE-2023-38035
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2023-38035

Refrence: Project Discovery GitHub

horizon3ai

Ivanti Sentry CVE-2023-38035

Refrence: GitHub

LeakIX

CVE-2023-38035 Recon oriented exploit, extract company name contact information

Refrence: GitHub

mind2hex

Script to exploit CVE-2023-38035

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept