Connect with us

Hi, what are you looking for?


Malware & Threats

Ivanti Ships Urgent Patch for API Authentication Bypass Vulnerability

A critical-severity vulnerability in the Ivanti Sentry (formerly MobileIron Sentry) product exposes sensitive API data and configurations.

Ivanti Sentry CVE-2023-38035 exploited

Ivanti’s problems with security defects in its enterprise-facing products are starting to pile up.

The IT software company on Monday shipped urgent patches for a critical-severity vulnerability in the Ivanti Sentry (formerly MobileIron Sentry) product and warned that hackers could exploit the issue to access sensitive API data and configurations.

The vulnerability, tagged as CVE-2023-38035, affects Ivanti Sentry versions 9.18 and prior, and could be exploited by malicious hackers to change configuration, run system commands, or write files onto the system, Ivanti said in an advisory. 

“If exploited, this vulnerability enables an unauthenticated actor to access some sensitive APIs that are used to configure the Ivanti Sentry on the administrator portal (port 8443, commonly MICS),” the company said.

While the issue carries a 9.8/10 CVSS severity score, Ivanti notes there is low risk of exploitation for enterprise administrations who do not expose port 8443 to the internet.

“Ivanti recommends that customers restrict access to MICS to internal management networks and not expose this to the internet,” the company said. 

Ivanti said it was “aware of a limited number of customers impacted by CVE-2023-38035” but it is not yet clear if the issue is being exploited as zero-day in the wild.

Advertisement. Scroll to continue reading.

Ivanti’s security problems have escalated in recent months with the release of patches for critical flaws in the Avalanche Enterprise MDM Product line, in-the-wild exploitation of vulnerabilities in Ivanti EPMM and documented APT activity targeting Ivanti zero-day flaws.

Related: Ivanti Patches Critical Flaw in Avalanche Enterprise MDM Product

Related: Exploitation of Ivanti EPMM Vulnerability Picking Up

Related: Ivanti Zero-Day Exploited by APT Since at Least April

Related: Second Ivanti EPMM Zero-Day Bug Exploited in Targeted Attacks

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.