13 June 2026
Reference: CVE-2023-38035
1. What is being reported?
The vulnerability involves a misconfiguration in the web server software (Apache HTTPD) used by the Ivanti MobileIron Sentry admin portal. This flaw means attackers might bypass the usual login process and access the administrative interface without proper credentials.
2. What this means in plain English
If exploited, someone could gain unauthorised access to your device management system, potentially allowing them to change settings, install harmful software, or disrupt your IT environment. This risk is serious because it affects the control centre for managing mobile devices and security.
3. Could this affect a small business?
Small organisations using Ivanti MobileIron Sentry version 9.18.0 or earlier could be at risk. If you do not use this software or use a newer, patched version, you are likely not affected. Check with your IT provider if you are unsure whether you use this product.
4. What to do now
- Check if your organisation uses Ivanti MobileIron Sentry, especially version 9.18.0 or below.
- Contact your IT provider or software supplier to confirm if you are affected and to arrange an update or patch.
- Ensure your web server software (Apache HTTPD) is properly configured and up to date.
- Monitor your systems for any unusual activity and review access logs for signs of unauthorised access.
5. Ask your IT provider
Can you confirm whether our Ivanti MobileIron Sentry installation is affected by CVE-2023-38035 and what steps have been taken to secure or update it?
6. Bottom line
If you use Ivanti MobileIron Sentry, act quickly to check and update it to prevent unauthorised access to your device management system.
Information based on CISA KEV, NVD, and reputable security reporting.