VYPR

Secure Access Windows client

by Ivanti

CVEs (11)

  • CVE-2025-22454HigMar 11, 2025
    risk 0.51cvss 7.8epss 0.00

    Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

  • CVE-2024-37398HigNov 13, 2024
    risk 0.51cvss 7.8epss 0.00

    Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

  • CVE-2024-7571HigNov 12, 2024
    risk 0.51cvss 7.8epss 0.00

    Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

  • CVE-2023-38042HigMay 31, 2024
    risk 0.51cvss 7.8epss 0.00

    A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM.

  • CVE-2023-35080HigNov 15, 2023
    risk 0.51cvss 7.8epss 0.01

    A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or…

  • CVE-2024-9842HigNov 12, 2024
    risk 0.47cvss 7.3epss 0.00

    Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.

  • CVE-2024-13813HigFeb 11, 2025
    risk 0.46cvss 7.1epss 0.00

    Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.

  • CVE-2024-8539HigNov 12, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.

  • CVE-2024-9843MedNov 12, 2024
    risk 0.33cvss 5.0epss 0.00

    A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.

  • CVE-2024-29211MedNov 13, 2024
    risk 0.31cvss 4.7epss 0.00

    A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.

  • CVE-2024-38654MedNov 13, 2024
    risk 0.29cvss 4.4epss 0.00

    Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.