Sentry 漏洞列表

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. SHODAN: html:"Note: Requires a local Sentry administrative user" FOFA: title="Ivanti MobileIron Sentry" ZoomEye: app:"Ivanti MobileIron Sentry"

A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier contain a vulnerability that allows remote attackers to execute arbitrary code via unspecified vectors.

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

Sentry是Sentry开源的一个面向开发人员的错误跟踪和性能监控平台。 Sentry 25.1.0之前版本存在授权问题漏洞，该漏洞源于允许攻击者通过使用恶意SAML身份提供者和同一Sentry实例上的另一个组织来接管任何用户帐户。

Ivanti Sentry MICSLogService存在认证绕过漏洞。此漏洞是由于对传入的数据缺乏校验导致的。

弱口令漏洞指的是系统中使用了简单、容易猜测或常见的密码，导致攻击者可以通过猜测或暴力破解的方式轻易获取账户权限，进而访问或控制受影响的系统资源。这种漏洞通常由于缺乏有效的密码策略或用户对安全意识的忽视造成。

由于 Apache HTTPD 配置限制不足,Ivanti MobileIron Sentry 版本 9.18.0 及更低版本中的 MICS管理门户中存在安全漏洞，该漏洞可绕过管理界面上的身份验证控制，执行任意命令，通过该漏洞可以获取服务器权限。