Secure Access Client
CVEs (16)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-7432 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM | ||
| CVE-2026-33449 | Hig | 0.49 | 7.5 | 0.00 | Apr 30, 2026 | CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a cryptographically valid message to the client, overwriting a small portion of memory conceivably leading to a … | ||
| CVE-2025-1223 | Med | 0.40 | 6.1 | 0.00 | Feb 20, 2025 | An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac | ||
| CVE-2025-1222 | Med | 0.40 | 6.1 | 0.00 | Feb 20, 2025 | An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac | ||
| CVE-2025-0320 | 0.00 | — | 0.00 | Jun 17, 2025 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows | |||
| CVE-2025-22454 | 0.00 | — | 0.00 | Mar 11, 2025 | Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | |||
| CVE-2024-13813 | 0.00 | — | 0.00 | Feb 11, 2025 | Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files. | |||
| CVE-2024-29211 | 0.00 | — | 0.00 | Nov 13, 2024 | A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files. | |||
| CVE-2024-38654 | 0.00 | — | 0.00 | Nov 13, 2024 | Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service. | |||
| CVE-2024-37398 | 0.00 | — | 0.00 | Nov 13, 2024 | Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | |||
| CVE-2024-7571 | 0.00 | — | 0.00 | Nov 12, 2024 | Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | |||
| CVE-2024-9843 | 0.00 | — | 0.00 | Nov 12, 2024 | A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service. | |||
| CVE-2024-9842 | 0.00 | — | 0.00 | Nov 12, 2024 | Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders. | |||
| CVE-2024-8539 | 0.00 | — | 0.00 | Nov 12, 2024 | Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files. | |||
| CVE-2023-24492 | 0.00 | — | 0.01 | Jul 11, 2023 | A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts. | |||
| CVE-2023-24491 | 0.00 | — | 0.00 | Jul 11, 2023 | A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT… |
- risk 0.51cvss 7.8epss 0.00
A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM
- risk 0.49cvss 7.5epss 0.00
CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a cryptographically valid message to the client, overwriting a small portion of memory conceivably leading to a …
- risk 0.40cvss 6.1epss 0.00
An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac
- risk 0.40cvss 6.1epss 0.00
An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac
- CVE-2025-0320Jun 17, 2025risk 0.00cvss —epss 0.00
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows
- CVE-2025-22454Mar 11, 2025risk 0.00cvss —epss 0.00
Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
- CVE-2024-13813Feb 11, 2025risk 0.00cvss —epss 0.00
Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.
- CVE-2024-29211Nov 13, 2024risk 0.00cvss —epss 0.00
A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.
- CVE-2024-38654Nov 13, 2024risk 0.00cvss —epss 0.00
Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.
- CVE-2024-37398Nov 13, 2024risk 0.00cvss —epss 0.00
Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
- CVE-2024-7571Nov 12, 2024risk 0.00cvss —epss 0.00
Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
- CVE-2024-9843Nov 12, 2024risk 0.00cvss —epss 0.00
A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.
- CVE-2024-9842Nov 12, 2024risk 0.00cvss —epss 0.00
Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.
- CVE-2024-8539Nov 12, 2024risk 0.00cvss —epss 0.00
Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.
- CVE-2023-24492Jul 11, 2023risk 0.00cvss —epss 0.01
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.
- CVE-2023-24491Jul 11, 2023risk 0.00cvss —epss 0.00
A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT…