Lucene search

K
IvantiSecure Access Client

17 matches found

CVE
CVE
added 2023/11/15 12:15 a.m.47 views

CVE-2023-35080

A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosu...

8.8CVSS8.4AI score0.00429EPSS
CVE
CVE
added 2025/03/11 3:15 p.m.46 views

CVE-2025-22454

Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

7.8CVSS6.8AI score0.00083EPSS
CVE
CVE
added 2023/10/25 6:17 p.m.43 views

CVE-2023-38041

A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.

7.8CVSS7.6AI score0.00425EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.43 views

CVE-2024-38654

Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.

4.4CVSS6.7AI score0.00075EPSS
CVE
CVE
added 2025/02/11 4:15 p.m.42 views

CVE-2024-13813

Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.

7.1CVSS6.7AI score0.00069EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.42 views

CVE-2024-29211

A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.

7.1CVSS6.5AI score0.00069EPSS
CVE
CVE
added 2024/05/31 6:15 p.m.41 views

CVE-2023-38042

A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM.

7.8CVSS7.6AI score0.00103EPSS
CVE
CVE
added 2024/11/13 2:15 a.m.40 views

CVE-2024-37398

Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

7.8CVSS6.9AI score0.00072EPSS
CVE
CVE
added 2024/11/12 5:15 p.m.38 views

CVE-2024-7571

Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

7.8CVSS6.8AI score0.00093EPSS
CVE
CVE
added 2024/11/12 5:15 p.m.38 views

CVE-2024-9843

A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.

5.5CVSS6.9AI score0.00041EPSS
CVE
CVE
added 2024/11/12 5:15 p.m.36 views

CVE-2024-8539

Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.

7.1CVSS6.4AI score0.00076EPSS
CVE
CVE
added 2024/11/12 5:15 p.m.34 views

CVE-2024-9842

Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.

7.3CVSS6.7AI score0.00067EPSS
CVE
CVE
added 2024/05/31 6:15 p.m.32 views

CVE-2023-46810

A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root.

7.3CVSS7.6AI score0.00065EPSS
CVE
CVE
added 2023/11/15 12:15 a.m.31 views

CVE-2023-41718

When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.

7.8CVSS7.6AI score0.00212EPSS
CVE
CVE
added 2023/11/15 12:15 a.m.29 views

CVE-2023-38544

A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of the network on the affected system.

5.5CVSS5.2AI score0.00173EPSS
CVE
CVE
added 2023/11/15 12:15 a.m.26 views

CVE-2023-38543

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine.

8.8CVSS8.2AI score0.00192EPSS
CVE
CVE
added 2023/11/15 12:15 a.m.23 views

CVE-2023-38043

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full ...

8.8CVSS8.2AI score0.00273EPSS