Lucene search

[email protected]NVD:CVE-2024-37403

HistoryAug 07, 2024 - 4:17 a.m.

CVE-2024-37403

2024-08-0704:17:18

CWE-22

[email protected]

web.nvd.nist.gov

ivanti docs@work

android

dirty stream

vulnerability

path traversal

unauthorized access

sensitive data

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

22.6%

JSON

Ivanti Docs@Work for Android, before 2.26.0 is affected by the ‘Dirty Stream’ vulnerability. The application fails to properly sanitize file names, resulting in a path traversal-affiliated vulnerability. This potentially enables other malicious apps on the device to read sensitive information stored in the app root.

Affected configurations

Nvd

Node

ivantidocs\@workRange<2.26.0android

VendorProductVersionCPE
ivantidocs\@work*cpe:2.3:a:ivanti:docs\@work:*:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
ivanti	docs\@work	*	cpe:2.3:a:ivanti:docs\@work::::::android::*

References

forums.ivanti.com/s/article/Security-Advisory-CVE-2024-37403-Dirty-Stream-for-Ivanti-Docs-Work-for-Android

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

22.6%

JSON

Related for NVD:CVE-2024-37403

vulnrichment1 cvelist1 cve1