Ivanti Secure Access Client 22.3 R3

CPE Details

Ivanti Secure Access Client 22.3 R3
ivanti
secure_access_client
22.3
2023-10-30
15h59 +00:00
2023-10-30
15h59 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ivanti:secure_access_client:22.3:r3:*:*:*:*:*:*

Informations

Vendor

ivanti

Product

secure_access_client

Version

22.3

Update

r3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-13813 2025-02-11 15h26 +00:00 Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.
7.1
High
CVE-2024-29211 2024-11-13 01h54 +00:00 A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.
4.7
Medium
CVE-2024-37398 2024-11-13 01h54 +00:00 Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
7.8
High
CVE-2024-7571 2024-11-12 16h14 +00:00 Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
7.8
High
CVE-2024-9843 2024-11-12 16h13 +00:00 A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.
5.5
Medium
CVE-2024-9842 2024-11-12 16h12 +00:00 Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.
7.3
High
CVE-2024-8539 2024-11-12 16h11 +00:00 Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.
7.1
High
CVE-2023-41718 2023-11-14 23h18 +00:00 When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.
7.8
High
CVE-2023-35080 2023-11-14 23h18 +00:00 A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure.
7.8
High
CVE-2023-38544 2023-11-14 23h18 +00:00 A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of the network on the affected system.
5.5
Medium
CVE-2023-38043 2023-11-14 23h18 +00:00 A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system.
7.8
High
CVE-2023-38543 2023-11-14 23h18 +00:00 A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine.
7.8
High
CVE-2023-38041 2023-10-25 00h24 +00:00 A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.
7
High