Researchers have published working exploit code for the Ivanti Sentry CVE-2023-38035 flaw.
Ivanti on Tuesday said it “has been informed that CVE-2023-38035 was exploited after exploiting CVE-2023-35078 and CVE-2023-35081.”
One of the more serious flaws in Ivanti's enterprise mobile device management platform could allow unauthenticated, remote attackers to execute code.
Rapid7 researchers have found a new flaw (CVE-2023-35082) in Ivanti MobileIron Core 11.2 and earlier.