Secure Access Client
Approved changes feed: RSS · Atom
cpe:2.3:a:ivanti:secure_access_client:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Ivanti (40b984ad-e54c-5e1b-9aa1-2a4cd4d61129) |
|---|---|
| Product | Secure Access Client (74a505ac-c87c-5ff7-baac-94d1fb329991) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-8992 |
not_vulnerable | 2026-06-03 15:29:29.925754 |
Details available
HIGH (8.8)
An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code.
Published: 2026-05-22T14:24:53.070Z
Updated: 2026-05-23T03:55:55.923Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-7432 |
vulnerable | 2026-06-03 15:27:56.799346 |
Details available
HIGH (7.8)
A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM
Published: 2026-05-12T14:21:58.252Z
Updated: 2026-05-13T03:57:55.320Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-7432 |
not_vulnerable | 2026-06-03 15:27:56.799166 |
Details available
HIGH (7.8)
A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM
Published: 2026-05-12T14:21:58.252Z
Updated: 2026-05-13T03:57:55.320Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-7431 |
vulnerable | 2026-06-03 15:27:56.787983 |
Details available
MEDIUM (4.4)
An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section.
Published: 2026-05-12T14:18:56.543Z
Updated: 2026-05-12T15:45:16.934Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-7431 |
not_vulnerable | 2026-06-03 15:27:56.787915 |
Details available
MEDIUM (4.4)
An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section.
Published: 2026-05-12T14:18:56.543Z
Updated: 2026-05-12T15:45:16.934Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22454 |
vulnerable | 2026-06-03 14:59:39.975932 |
Details available
HIGH (7.8)
Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
Published: 2025-03-11T14:11:30.497Z
Updated: 2026-02-26T19:09:41.856Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22454 |
not_vulnerable | 2026-06-03 14:59:39.975884 |
Details available
HIGH (7.8)
Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
Published: 2025-03-11T14:11:30.497Z
Updated: 2026-02-26T19:09:41.856Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-9843 |
not_vulnerable | 2026-06-03 14:58:22.714935 |
Details available
MEDIUM (5)
A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.
Published: 2024-11-12T16:13:09.060Z
Updated: 2024-11-12T17:21:52.651Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-9843 |
vulnerable | 2026-06-03 14:58:22.714891 |
Details available
MEDIUM (5)
A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.
Published: 2024-11-12T16:13:09.060Z
Updated: 2024-11-12T17:21:52.651Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-9842 |
vulnerable | 2026-06-03 14:58:22.712377 |
Details available
HIGH (7.3)
Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.
Published: 2024-11-12T16:12:12.164Z
Updated: 2024-11-12T18:24:53.695Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-9842 |
not_vulnerable | 2026-06-03 14:58:22.712224 |
Details available
HIGH (7.3)
Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.
Published: 2024-11-12T16:12:12.164Z
Updated: 2024-11-12T18:24:53.695Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8539 |
not_vulnerable | 2026-06-03 14:58:18.689942 |
Details available
HIGH (7.1)
Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.
Published: 2024-11-12T16:11:07.141Z
Updated: 2024-11-12T18:26:45.187Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8539 |
vulnerable | 2026-06-03 14:58:18.689885 |
Details available
HIGH (7.1)
Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.
Published: 2024-11-12T16:11:07.141Z
Updated: 2024-11-12T18:26:45.187Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-7571 |
vulnerable | 2026-06-03 14:58:06.396173 |
Details available
HIGH (7.8)
Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
Published: 2024-11-12T16:14:02.778Z
Updated: 2024-11-19T17:15:02.280Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-7571 |
not_vulnerable | 2026-06-03 14:58:06.396124 |
Details available
HIGH (7.8)
Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
Published: 2024-11-12T16:14:02.778Z
Updated: 2024-11-19T17:15:02.280Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38654 |
vulnerable | 2026-06-03 14:56:19.230488 |
Details available
MEDIUM (4.4)
Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.
Published: 2024-11-13T01:54:45.470Z
Updated: 2024-11-13T17:01:06.962Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37398 |
vulnerable | 2026-06-03 14:56:06.483273 |
Details available
HIGH (7.8)
Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
Published: 2024-11-13T01:54:45.406Z
Updated: 2025-03-13T17:50:08.929Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29211 |
vulnerable | 2026-06-03 14:55:27.103105 |
Details available
HIGH (7.1)
A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.
Published: 2024-11-13T01:54:45.547Z
Updated: 2024-11-13T16:49:48.676Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13813 |
vulnerable | 2026-06-03 14:54:25.493286 |
Details available
HIGH (7.1)
Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.
Published: 2025-02-11T15:26:57.315Z
Updated: 2025-02-11T16:01:48.354Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13813 |
not_vulnerable | 2026-06-03 14:54:25.493238 |
Details available
HIGH (7.1)
Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.
Published: 2025-02-11T15:26:57.315Z
Updated: 2025-02-11T16:01:48.354Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-46810 |
vulnerable | 2026-06-03 14:53:16.556886 |
Details available
HIGH (7.3)
A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root.
Published: 2024-05-31T17:38:31.425Z
Updated: 2025-03-13T21:14:08.463Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38543 |
vulnerable | 2026-06-03 14:52:31.476808 |
Details available
HIGH (8.8)
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine.
Published: 2023-11-14T23:18:08.348Z
Updated: 2025-01-07T18:57:48.609Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38043 |
vulnerable | 2026-06-03 14:52:30.232027 |
Details available
HIGH (8.8)
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system.
Published: 2023-11-14T23:18:08.378Z
Updated: 2024-08-12T14:35:59.161Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38042 |
vulnerable | 2026-06-03 14:52:30.229053 |
Details available
HIGH (7.8)
A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM.
Published: 2024-05-31T17:38:31.427Z
Updated: 2024-08-02T17:30:12.374Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38041 |
vulnerable | 2026-06-03 14:52:30.228663 |
Details available
HIGH (7.8)
A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.
Published: 2023-10-25T00:24:34.090Z
Updated: 2025-03-07T18:23:51.147Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-35080 |
vulnerable | 2026-06-03 14:52:17.706332 |
Details available
HIGH (8.8)
A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure.
Published: 2023-11-14T23:18:08.387Z
Updated: 2025-01-07T18:56:18.735Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.