Secure Access Client Security Vulnerabilities and Issues — Secure Access Client CVE List

Lucene search

IvantiSecure Access Client

12 matches found

CVE•added 2024/05/03 2:15 a.m.•48 views

CVE-2023-34298

Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged code on the target sy...

7.8CVSS7.8AI score0.00085EPSS

CVE•added 2025/03/11 3:15 p.m.•48 views

CVE-2025-22454

Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

7.8CVSS6.8AI score0.00117EPSS

CVE•added 2023/10/25 6:17 p.m.•46 views

CVE-2023-38041

A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.

7.8CVSS7.6AI score0.00425EPSS

CVE•added 2024/11/13 2:15 a.m.•44 views

CVE-2024-29211

A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.

7.1CVSS6.5AI score0.00096EPSS

CVE•added 2025/02/11 4:15 p.m.•43 views

CVE-2024-13813

Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.

7.1CVSS6.7AI score0.00074EPSS

CVE•added 2024/05/31 6:15 p.m.•42 views

CVE-2023-38042

A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM.

7.8CVSS7.6AI score0.00139EPSS

CVE•added 2024/11/13 2:15 a.m.•41 views

CVE-2024-37398

Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

7.8CVSS6.9AI score0.00106EPSS

CVE•added 2024/11/12 5:15 p.m.•39 views

CVE-2024-7571

Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

7.8CVSS6.8AI score0.00141EPSS

CVE•added 2024/11/12 5:15 p.m.•37 views

CVE-2024-8539

Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.

7.1CVSS6.4AI score0.00115EPSS

CVE•added 2024/11/12 5:15 p.m.•35 views

CVE-2024-9842

Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.

7.3CVSS6.7AI score0.00108EPSS

CVE•added 2023/11/15 12:15 a.m.•34 views

CVE-2023-41718

When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.

7.8CVSS7.6AI score0.00212EPSS

CVE•added 2024/05/31 6:15 p.m.•33 views

CVE-2023-46810

A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root.

7.3CVSS7.6AI score0.00088EPSS