Ivanti Sentry Flaw: Let Attackers Access Critical APIs Used for Configuration

22 August 2023

An unauthenticated critical API access vulnerability was found in the Ivanti Sentry interface, which could allow a threat actor to gain access to sensitive APIs that can be used to access the Ivanti administrator portal and configure Ivanti Sentry. This vulnerability can also be used to execute OS commands on the If an attacker succeeds in exploitation, the attacker will be able to configure Ivnati Sentry, execute system commands, or write files onto the system.

Source: GBHackers

Date:

22 August 2023

Categorie(s):

NEWS

Tag(s):

Access, APIs, Attackers, Configuration, Critical

Security Excellence Awards – winners revealed!3 May 2024
McAfee Dominates AV-Comparatives PC Performance Test3 May 2024
Preparation: The Less Shiny Side of Incident Response – Joe Gross – ESW #3603 May 2024
Critical GitLab account takeover flaw added to CISA’s KEV Catalog2 May 2024
Microsoft, Google do a victory lap around passkeys2 May 2024