CVE-2023-38035
Description
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
NVD
Severity: CRITICAL
CVE ID: CVE-2023-38035
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2023-38035
Refrence: Project Discovery GitHub
horizon3ai
Ivanti Sentry CVE-2023-38035
Refrence: GitHub
LeakIX
CVE-2023-38035 Recon oriented exploit, extract company name contact information
Refrence: GitHub
mind2hex
Script to exploit CVE-2023-38035
Refrence: GitHub