Security News > 2023 > August > Ivanti warns of new actively exploited MobileIron zero-day bug
2023-08-21 15:28
"As of now, we are only aware of a limited number of customers impacted by CVE-2023-38035. This vulnerability does not affect other Ivanti products or solutions, such as Ivanti EPMM, MobileIron Cloud or Ivanti Neurons for MDM," Ivanti said.
Since April, state-sponsored hackers have exploited two additional security vulnerabilities within Ivanti's Endpoint Manager Mobile, previously known as MobileIron Core.
Ivanti patches MobileIron zero-day bug exploited in attacks.
Ivanti discloses new critical auth bypass bug in MobileIron Core.
Ivanti patches new zero-day exploited in Norwegian govt attacks.
CISA warns govt agencies to patch Ivanti bug exploited in attacks.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-21 | CVE-2023-38035 | Incorrect Authorization vulnerability in Ivanti Mobileiron Sentry A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. | 9.8 |