Zero-Day Vulnerability Exploited in Ivanti Sentry (CVE-2023-38035)

On August 21, Ivanti published an advisory for a newly disclosed zero-day vulnerability in its Ivanti Sentry product that was exploited in the wild:

• CVE-2023-38035

This is the third time in a month that Ivanti has disclosed a zero-day vulnerability in its products that have been exploited in the wild.

The other two zero-days exploited in Ivanti products in the last month:

• CVE-2023-35078 (July 24)
• CVE-2023-35081 (July 28)

We wrote about these two flaws in late July in our blog post CVE-2023-35078: Ivanti Endpoint Manager Mobile (EPMM) / MobileIron Core Unauthenticated API Access Vulnerability. 

For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.