all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

New Ivanti Zero-Day Vulnerability Allows Hackers to Access Sensitive APIs

Add to bookmarks
Aug. 23, 2023, 11:56 a.m. | Livia Gyongyoși

Heimdal Security Blog heimdalsecurity.com

Researchers observed a critical Ivanti Sentry API authentication bypass vulnerability exploited in the wild. The flaw was dubbed CVE-2023-38035 and it enables authentication bypass on Ivanti Sentry versions 9.18 and prior, due to improper Apache HTTPD configuration. According to the company, CVE-2023-38035 doesn`t impact any of its other products, such as Ivanti EPMM, MobileIron Cloud […]


The post New Ivanti Zero-Day Vulnerability Allows Hackers to Access Sensitive APIs appeared first on Heimdal Security Blog.

access apache api api authentication apis authentication authentication bypass bypass bypass vulnerability configuration critical cve cybersecurity news exploited flaw hackers httpd impact ivanti products researchers sentry the company vulnerability vulnerability exploited zero-day zero-day vulnerability

Visit resource

More from heimdalsecurity.com / Heimdal Security Blog

Patch Now! CrushFTP Zero-day Lets Attackers Download System Files 1 week ago | heimdalsecurity.com
attackers critical crushftp customers +22
MITRE Breached – Hackers Chained 2 Ivanti Zero-days to Compromise VPN 1 week ago | heimdalsecurity.com
attack authentication authentication bypass breach +30
A System Administrator’s Challenges in Patch Management 1 week ago | heimdalsecurity.com
administrator alex benefits challenges +13
Free and Downloadable Account Management Policy Template 1 week, 1 day ago | heimdalsecurity.com
account accounts business data +16
Atera vs. ConnectWise: Head-to-Head Comparison (And Alternative) 1 week, 2 days ago | heimdalsecurity.com
article atera balance complexity +11
NinjaOne vs. Atera: A Deep Comparison Between the Solutions 1 week, 5 days ago | heimdalsecurity.com
atera business critical customers +22
Deceptive Google Ads Mimic IP Scanner Software to Push Backdoor 1 week, 5 days ago | heimdalsecurity.com
ads backdoor campaign cybersecurity +16
CrowdStrike vs. SentinelOne: Which One Is Better For Endpoint Security? 1 week, 6 days ago | heimdalsecurity.com
business can crowdstrike cybersecurity +13
Surge in Botnets Exploiting CVE-2023-1389 to Infect TP-Link Archer Routers 2 weeks ago | heimdalsecurity.com
bleeping computer botnet botnets command +24

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Application Security Engineer - Remote Friendly

@ Unit21 | San Francisco,CA; New York City; Remote USA;
View on infosec-jobs.com

Cloud Security Specialist

@ AppsFlyer | Herzliya
View on infosec-jobs.com

Malware Analysis Engineer - Canberra, Australia

@ Apple | Canberra, Australian Capital Territory, Australia
View on infosec-jobs.com

Product CISO

@ Fortinet | Sunnyvale, CA, United States
View on infosec-jobs.com

Manager, Security Engineering

@ Thrive | United States - Remote
View on infosec-jobs.com
View more jobs