ATTACK [PTsecurity] Ivanti Sentry RCE attempt (CVE-2023-38035)

SID: 10010662Rev: 141 views
History
Sourceptrules/open
CreatedJuly 24, 2025
UpdatedJuly 24, 2025
Classificationattempted-admin
alert http any any -> any any (msg:"ATTACK [PTsecurity] Ivanti Sentry RCE attempt (CVE-2023-38035)"; flow:established, to_server; http.uri; content:"/mics/services/MICSLogService"; http.header; content:"application/x-hessian"; http.request_body; content:"uploadFileUsingFileInput"; content:"command"; distance:0; content:"isRoot"; reference:cve, 2023-38035; reference:url, horizon3.ai/ivanti-sentry-authentication-bypass-cve-2023-38035-deep-dive/; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10010662; rev:1;)

References

cve2023-38035
urlhorizon3.ai/ivanti-sentry-authentication-bypass-cve-2023-38035-deep-dive/
urlrules.ptsecurity.com

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!