Ivanti Sentry Authenticated User Access Vulnerability

A vulnerability in Ivanti Sentry (formerly MobileIron Sentry) allows an authenticated user with an enrolled device to access services protected by Sentry, bypassing authorization policies. While the vulnerability creates a tunnel access to the service, it does not allow the user to authenticate or use the service directly. This issue affects all supported versions of Sentry, including 9.16, 9.17, and 9.18, as well as older releases.

Impact

Exploitation of this vulnerability could lead to unauthorized access to services protected by Sentry, allowing users to gain restricted capabilities.

Remediation

Users are advised to upgrade to Ivanti Sentry version 9.20, where this vulnerability has been patched. For detailed instructions on how to apply the update, refer to the Ivanti Knowledge Base article on this vulnerability.