Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Secure_access_client
(Ivanti)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 16 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-11-15 | CVE-2023-41718 | When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file. | Secure_access_client | 7.8 | ||
| 2023-11-15 | CVE-2023-38543 | A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine. | Secure_access_client | 7.8 | ||
| 2023-11-15 | CVE-2023-38043 | A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system. | Secure_access_client | 7.8 | ||
| 2023-11-15 | CVE-2023-38544 | A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of the network on the affected system. | Secure_access_client | 5.5 | ||
| 2024-11-13 | CVE-2024-37398 | Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | Secure_access_client | 7.8 | ||
| 2024-11-13 | CVE-2024-29211 | A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files. | Secure_access_client | 4.7 |