CVE-2024-8539 | THREATINT

Description

Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.

PUBLISHED Reserved 2024-09-06 | Published 2024-11-12 | Updated 2024-11-12 | Assigner ivanti

HIGH: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Problem types

CWE-267: Privilege Defined With Unsafe Actions

Product status

Default status

affected

22.7R3 (custom)

unaffected

References

forums.ivanti.com/...Secure-Access-Client-ISAC-Multiple-CVEs

cve.org (CVE-2024-8539)

nvd.nist.gov (CVE-2024-8539)

Download JSON