Secure Access Client for Linux
by Ivanti
CVEs (20)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-8992 | Hig | 0.57 | 8.8 | 0.01 | May 22, 2026 | An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code. | ||
| CVE-2026-7432 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM | ||
| CVE-2025-22454 | Hig | 0.51 | 7.8 | 0.00 | Mar 11, 2025 | Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | ||
| CVE-2024-37398 | Hig | 0.51 | 7.8 | 0.00 | Nov 13, 2024 | Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | ||
| CVE-2024-7571 | Hig | 0.51 | 7.8 | 0.00 | Nov 12, 2024 | Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | ||
| CVE-2023-38042 | Hig | 0.51 | 7.8 | 0.00 | May 31, 2024 | A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM. | ||
| CVE-2023-41718 | Hig | 0.51 | 7.8 | 0.00 | Nov 15, 2023 | When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file. | ||
| CVE-2023-38543 | Hig | 0.51 | 7.8 | 0.00 | Nov 15, 2023 | A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine. | ||
| CVE-2023-38043 | Hig | 0.51 | 7.8 | 0.00 | Nov 15, 2023 | A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases,… | ||
| CVE-2023-35080 | Hig | 0.51 | 7.8 | 0.01 | Nov 15, 2023 | A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or… | ||
| CVE-2024-9842 | Hig | 0.47 | 7.3 | 0.00 | Nov 12, 2024 | Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders. | ||
| CVE-2023-46810 | Hig | 0.47 | 7.3 | 0.00 | May 31, 2024 | A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root. | ||
| CVE-2024-13813 | Hig | 0.46 | 7.1 | 0.00 | Feb 11, 2025 | Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files. | ||
| CVE-2024-8539 | Hig | 0.46 | 7.1 | 0.00 | Nov 12, 2024 | Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files. | ||
| CVE-2023-38041 | Hig | 0.46 | 7.0 | 0.01 | Oct 25, 2023 | A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system. | ||
| CVE-2023-38544 | Med | 0.36 | 5.5 | 0.00 | Nov 15, 2023 | A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of the network on the affected system. | ||
| CVE-2024-9843 | Med | 0.33 | 5.0 | 0.00 | Nov 12, 2024 | A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service. | ||
| CVE-2024-29211 | Med | 0.31 | 4.7 | 0.00 | Nov 13, 2024 | A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files. | ||
| CVE-2026-7431 | Med | 0.29 | 4.4 | 0.00 | May 12, 2026 | An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section. | ||
| CVE-2024-38654 | Med | 0.29 | 4.4 | 0.00 | Nov 13, 2024 | Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service. |
- risk 0.57cvss 8.8epss 0.01
An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code.
- risk 0.51cvss 7.8epss 0.00
A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM
- risk 0.51cvss 7.8epss 0.00
Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
- risk 0.51cvss 7.8epss 0.00
Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
- risk 0.51cvss 7.8epss 0.00
Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
- risk 0.51cvss 7.8epss 0.00
A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM.
- risk 0.51cvss 7.8epss 0.00
When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.
- risk 0.51cvss 7.8epss 0.00
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine.
- risk 0.51cvss 7.8epss 0.00
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases,…
- risk 0.51cvss 7.8epss 0.01
A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or…
- risk 0.47cvss 7.3epss 0.00
Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.
- risk 0.47cvss 7.3epss 0.00
A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root.
- risk 0.46cvss 7.1epss 0.00
Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.
- risk 0.46cvss 7.1epss 0.00
Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.
- risk 0.46cvss 7.0epss 0.01
A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.
- risk 0.36cvss 5.5epss 0.00
A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of the network on the affected system.
- risk 0.33cvss 5.0epss 0.00
A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.
- risk 0.31cvss 4.7epss 0.00
A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.
- risk 0.29cvss 4.4epss 0.00
An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section.
- risk 0.29cvss 4.4epss 0.00
Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.