VYPR

Secure Access Client

by Citrix Systems

CVEs (16)

  • CVE-2026-7432HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM

  • CVE-2026-33449HigApr 30, 2026
    risk 0.49cvss 7.5epss 0.00

    CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a cryptographically valid message to the client, overwriting a small portion of memory conceivably leading to a …

  • CVE-2025-1223MedFeb 20, 2025
    risk 0.40cvss 6.1epss 0.00

    An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac

  • CVE-2025-1222MedFeb 20, 2025
    risk 0.40cvss 6.1epss 0.00

    An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac

  • CVE-2025-0320Jun 17, 2025
    risk 0.00cvss epss 0.00

    Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows

  • CVE-2025-22454Mar 11, 2025
    risk 0.00cvss epss 0.00

    Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

  • CVE-2024-13813Feb 11, 2025
    risk 0.00cvss epss 0.00

    Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.

  • CVE-2024-29211Nov 13, 2024
    risk 0.00cvss epss 0.00

    A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.

  • CVE-2024-38654Nov 13, 2024
    risk 0.00cvss epss 0.00

    Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.

  • CVE-2024-37398Nov 13, 2024
    risk 0.00cvss epss 0.00

    Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

  • CVE-2024-7571Nov 12, 2024
    risk 0.00cvss epss 0.00

    Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

  • CVE-2024-9843Nov 12, 2024
    risk 0.00cvss epss 0.00

    A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.

  • CVE-2024-9842Nov 12, 2024
    risk 0.00cvss epss 0.00

    Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.

  • CVE-2024-8539Nov 12, 2024
    risk 0.00cvss epss 0.00

    Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.

  • CVE-2023-24492Jul 11, 2023
    risk 0.00cvss epss 0.01

    A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.

  • CVE-2023-24491Jul 11, 2023
    risk 0.00cvss epss 0.00

    A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT…