CVE-2024-8539

High

Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive…

ivanti·CWE-267·Published 2024-11-12

CVSS

7.1

EPSS

0.00

KEV

Exploits

cve.orgen

154 chars

Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.

NVDen

154 chars

Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.

La autorización incorrecta en Ivanti Secure Access Client anterior a la versión 22.7R3 permite que un atacante autenticado local modifique archivos de configuración confidenciales.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
3.1	Primary	cve.org	7.1	—	—	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
3.1	Secondary	NVD	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H