admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 03:02:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-38035.md

27 lines
1.2 KiB
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2023-38035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38035)
![](https://img.shields.io/static/v1?label=Product&message=MobileIron%20Sentry&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=9.18.0%20and%20below%3C%209.18.0%20and%20below%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
### POC
#### Reference
- http://packetstormsecurity.com/files/174643/Ivanti-Sentry-Authentication-Bypass-Remote-Code-Execution.html
#### Github
- https://github.com/LeakIX/sentryexploit
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/Y4tacker/JavaSec
- https://github.com/horizon3ai/CVE-2023-38035
- https://github.com/mayur-esh/vuln-liners
- https://github.com/mind2hex/MICS_Hunter
- https://github.com/netlas-io/netlas-dorks
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/r3volved/CVEAggregate
Reference in New Issue Copy Permalink