Security News > 2023 > August > Ivanti warns of new actively exploited MobileIron zero-day bug

Ivanti warns of new actively exploited MobileIron zero-day bug
2023-08-21 15:28

"As of now, we are only aware of a limited number of customers impacted by CVE-2023-38035. This vulnerability does not affect other Ivanti products or solutions, such as Ivanti EPMM, MobileIron Cloud or Ivanti Neurons for MDM," Ivanti said.

Since April, state-sponsored hackers have exploited two additional security vulnerabilities within Ivanti's Endpoint Manager Mobile, previously known as MobileIron Core.

Ivanti patches MobileIron zero-day bug exploited in attacks.

Ivanti discloses new critical auth bypass bug in MobileIron Core.

Ivanti patches new zero-day exploited in Norwegian govt attacks.

CISA warns govt agencies to patch Ivanti bug exploited in attacks.


News URL

https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-actively-exploited-mobileiron-zero-day-bug/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-08-21 CVE-2023-38035 Incorrect Authorization vulnerability in Ivanti Mobileiron Sentry
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
network
low complexity
ivanti CWE-863
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ivanti 26 0 51 152 75 278
Mobileiron 8 0 1 2 5 8