VYPR

Secure Access Client for Linux

by Ivanti

CVEs (20)

  • CVE-2026-8992HigMay 22, 2026
    risk 0.57cvss 8.8epss 0.01

    An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code.

  • CVE-2026-7432HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM

  • CVE-2025-22454HigMar 11, 2025
    risk 0.51cvss 7.8epss 0.00

    Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

  • CVE-2024-37398HigNov 13, 2024
    risk 0.51cvss 7.8epss 0.00

    Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

  • CVE-2024-7571HigNov 12, 2024
    risk 0.51cvss 7.8epss 0.00

    Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

  • CVE-2023-38042HigMay 31, 2024
    risk 0.51cvss 7.8epss 0.00

    A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM.

  • CVE-2023-41718HigNov 15, 2023
    risk 0.51cvss 7.8epss 0.00

    When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.

  • CVE-2023-38543HigNov 15, 2023
    risk 0.51cvss 7.8epss 0.00

    A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine.

  • CVE-2023-38043HigNov 15, 2023
    risk 0.51cvss 7.8epss 0.00

    A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases,…

  • CVE-2023-35080HigNov 15, 2023
    risk 0.51cvss 7.8epss 0.01

    A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or…

  • CVE-2024-9842HigNov 12, 2024
    risk 0.47cvss 7.3epss 0.00

    Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.

  • CVE-2023-46810HigMay 31, 2024
    risk 0.47cvss 7.3epss 0.00

    A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root.

  • CVE-2024-13813HigFeb 11, 2025
    risk 0.46cvss 7.1epss 0.00

    Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.

  • CVE-2024-8539HigNov 12, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.

  • CVE-2023-38041HigOct 25, 2023
    risk 0.46cvss 7.0epss 0.01

    A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.

  • CVE-2023-38544MedNov 15, 2023
    risk 0.36cvss 5.5epss 0.00

    A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of the network on the affected system.

  • CVE-2024-9843MedNov 12, 2024
    risk 0.33cvss 5.0epss 0.00

    A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.

  • CVE-2024-29211MedNov 13, 2024
    risk 0.31cvss 4.7epss 0.00

    A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.

  • CVE-2026-7431MedMay 12, 2026
    risk 0.29cvss 4.4epss 0.00

    An incorrect permission assignment for critical resource of Ivanti Secure Access Client   before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section.

  • CVE-2024-38654MedNov 13, 2024
    risk 0.29cvss 4.4epss 0.00

    Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.