Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Sentry

Source -

CNACISA

CNA CVEs -

8

ADP CVEs -

0

CISA CVEs -

1

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
9Vulnerabilities found
CVE-2026-10523
Assigner-Ivanti
ShareView Details
Assigner-Ivanti
CVSS Score-9.9||CRITICAL
EPSS-Not Assigned
Published-09 Jun, 2026 | 14:16
Updated-10 Jun, 2026 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access

Action-Not Available
Vendor-Ivanti Software
Product-Sentry
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2026-10520
Assigner-Ivanti
ShareView Details
Assigner-Ivanti
CVSS Score-10||CRITICAL
EPSS-Not Assigned
Published-09 Jun, 2026 | 14:10
Updated-10 Jun, 2026 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

Action-Not Available
Vendor-Ivanti Software
Product-Sentry
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-47935
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.42% / 62.08%
||
7 Day CHG~0.00%
Published-10 May, 2026 | 12:43
Updated-14 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sentry 8.2.0 Remote Code Execution via Pickle Deserialization

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint with base64-encoded compressed pickle payloads in the data field to achieve code execution with application privileges.

Action-Not Available
Vendor-sentrySentry
Product-sentrySentry
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-39338
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-6.8||MEDIUM
EPSS-5.19% / 90.11%
||
7 Day CHG~0.00%
Published-12 Jul, 2025 | 03:30
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Enables an authenticated user (enrolled device) to access a service protected by Sentry even if they are not authorized according to the sentry policy to access that service. It does not enable the user to authenticate to or use the service, it just provides the tunnel access.

Action-Not Available
Vendor-Ivanti Software
Product-Sentry
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-53073
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.2||MEDIUM
EPSS-0.12% / 30.41%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 00:00
Updated-26 Jun, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions (such as adding a comment) without being a member of the project's team. A seven-digit issue ID must be known (it is not treated as a secret and might be mentioned publicly, or it could be predicted).

Action-Not Available
Vendor-Sentry
Product-Sentry
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CVE-2024-8540
Assigner-Ivanti
ShareView Details
Assigner-Ivanti
CVSS Score-8.8||HIGH
EPSS-0.22% / 45.21%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 18:52
Updated-30 Jul, 2025 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components.

Action-Not Available
Vendor-Ivanti Software
Product-standalone_sentrySentry
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2024-10276
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 34.96%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 11:00
Updated-01 May, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Telestream Sentry Reports Page page cross site scripting

A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-telestreamTelestreamtelestream
Product-sentrySentrysentry
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-41724
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-9.6||CRITICAL
EPSS-6.30% / 91.12%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 01:45
Updated-25 Mar, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.

Action-Not Available
Vendor-Ivanti Software
Product-standalone_sentrySentrysentry
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-38035
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-94.42% / 99.98%
||
7 Day CHG~0.00%
Published-21 Aug, 2023 | 16:51
Updated-31 Oct, 2025 | 21:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-09-12||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

Action-Not Available
Vendor-Ivanti Software
Product-mobileiron_sentryMobileIron Sentrymobileiron_sentrySentry
CWE ID-CWE-863
Incorrect Authorization