Ivanti warns customers of a new zero-day flaw in its Sentry software.
If successfully exploited, the bug allows an attacker to change configuration, run system commands, or write files onto the system.
The company has published a proof-of-concept for the flaw and released a patch for it.
This comes a week after Ivanti fixed two critical stack-based buffer overflow flaws in its Avalanche software that could lead to crashes and arbitrary code execution on vulnerable installations.
Software services provider Ivantia is warning customers about a new vulnerability affecting its MobileIron Sentry appliance.
It called the flaw CVE-2023-38035 and says that it is actively exploited in the wild.
More concerning is the fact that an unauthenticated actor can gain access to some sensitive APIs through this vulnerability.