Skip to main content

Security Controls

3 CVEs product

Monthly

CVE-2024-10630 HIGH This Month

A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Application Control Security Controls
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-10251 HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Security Controls
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-10256 HIGH This Week

Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Endpoint Manager Neurons Agent Platform Neurons For Patch Management +3
NVD
CVSS 3.1
7.1
EPSS
0.2%
EPSS 0% CVSS 7.8
HIGH This Month

A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Application Control +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Security Controls
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Endpoint Manager +5
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy