Ivanti Secure Access Client
15 CVEs affecting Ivanti Secure Access Client. Latest disclosed: 2026-05-22. Critical: 0, High: 12.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-8992 | High | 8.8 | 2026-05-22 | An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary cod… |
CVE-2023-35080 | High | 8.8 | 2023-11-14 | A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable conf… |
CVE-2026-7432 | High | 7.8 | 2026-05-12 | A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM |
CVE-2025-22454 | High | 7.8 | 2025-03-11 | Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. |
CVE-2024-37398 | High | 7.8 | 2024-11-13 | Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. |
CVE-2024-7571 | High | 7.8 | 2024-11-12 | Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. |
CVE-2023-38042 | High | 7.8 | 2024-05-31 | A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM. |
CVE-2023-38041 | High | 7.8 | 2023-10-25 | A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an… |
CVE-2024-9842 | High | 7.3 | 2024-11-12 | Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders. |
CVE-2024-13813 | High | 7.1 | 2025-02-11 | Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files. |
CVE-2024-29211 | High | 7.1 | 2024-11-13 | A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files. |
CVE-2024-8539 | High | 7.1 | 2024-11-12 | Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files. |
CVE-2024-9843 | Medium | 5.0 | 2024-11-12 | A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service. |
CVE-2026-7431 | Medium | 4.4 | 2026-05-12 | An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sen… |
CVE-2024-38654 | Medium | 4.4 | 2024-11-13 | Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of… |