Free practical cybersecurity guidance for organisations without a security team.
hello@actionsoncyber.com
← Back to Vulnerability Briefs

Critical Security Flaw in Ivanti MobileIron Sentry Could Let Attackers Bypass Admin Login

A serious security weakness has been found in Ivanti MobileIron Sentry's admin portal that could allow hackers to get past login controls. This matters because it could let attackers take control of important management tools, potentially harming your organisation's IT systems.

13 June 2026

Reference: CVE-2023-38035

1. What is being reported?

The vulnerability involves a misconfiguration in the web server software (Apache HTTPD) used by the Ivanti MobileIron Sentry admin portal. This flaw means attackers might bypass the usual login process and access the administrative interface without proper credentials.

2. What this means in plain English

If exploited, someone could gain unauthorised access to your device management system, potentially allowing them to change settings, install harmful software, or disrupt your IT environment. This risk is serious because it affects the control centre for managing mobile devices and security.

3. Could this affect a small business?

Small organisations using Ivanti MobileIron Sentry version 9.18.0 or earlier could be at risk. If you do not use this software or use a newer, patched version, you are likely not affected. Check with your IT provider if you are unsure whether you use this product.

4. What to do now

  • Check if your organisation uses Ivanti MobileIron Sentry, especially version 9.18.0 or below.
  • Contact your IT provider or software supplier to confirm if you are affected and to arrange an update or patch.
  • Ensure your web server software (Apache HTTPD) is properly configured and up to date.
  • Monitor your systems for any unusual activity and review access logs for signs of unauthorised access.

5. Ask your IT provider

Can you confirm whether our Ivanti MobileIron Sentry installation is affected by CVE-2023-38035 and what steps have been taken to secure or update it?

6. Bottom line

If you use Ivanti MobileIron Sentry, act quickly to check and update it to prevent unauthorised access to your device management system.

Information based on CISA KEV, NVD, and reputable security reporting.

Back to Vulnerability Briefs