Secure Access Client

secure_access_client

Vendor: Ivanti • 21 CVEs

CVEs (21)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-8992 1Ivanti 1Secure Access Client May 22, 2026 May 22, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code.
CVE-2026-7432 1Ivanti 1Secure Access Client May 12, 2026 May 12, 2026 N/A· v4 7.0 HIGH· v3 N/A· v2 A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM
CVE-2026-7431 1Ivanti 1Secure Access Client May 12, 2026 May 12, 2026 N/A· v4 4.4 MEDIUM· v3 N/A· v2 An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section.
CVE-2025-22454 1Ivanti 1Secure Access Client Jul 16, 2025 Mar 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
CVE-2024-13813 1Ivanti 1Secure Access Client Feb 20, 2025 Feb 11, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.
CVE-2024-38654 1Ivanti 1Secure Access Client Jun 27, 2025 Nov 13, 2024 N/A· v4 4.4 MEDIUM· v3 N/A· v2 Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.
CVE-2024-37398 1Ivanti 1Secure Access Client Nov 18, 2024 Nov 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
CVE-2024-29211 1Ivanti 1Secure Access Client Nov 14, 2024 Nov 13, 2024 N/A· v4 4.7 MEDIUM· v3 N/A· v2 A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.
CVE-2024-9843 1Ivanti 1Secure Access Client Jan 17, 2025 Nov 12, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.
CVE-2024-9842 1Ivanti 1Secure Access Client Jan 17, 2025 Nov 12, 2024 N/A· v4 3.3 LOW· v3 N/A· v2 Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.
CVE-2024-8539 1Ivanti 1Secure Access Client Jan 17, 2025 Nov 12, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.
CVE-2024-7571 1Ivanti 1Secure Access Client Jan 17, 2025 Nov 12, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
CVE-2023-46810 1Ivanti 1Secure Access Client Jun 20, 2025 May 31, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root.
CVE-2023-38042 1Ivanti 1Secure Access Client Jun 20, 2025 May 31, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM.
CVE-2023-34298 1Ivanti 3Pulse Secure Desktop Client Pulse Secure Installer ServiceSecure Access Client Aug 13, 2025 May 3, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacke...Show more Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within SetupService. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service. Was ZDI-CAN-17687.Show less
CVE-2023-41718 1Ivanti 1Secure Access Client Jan 7, 2025 Nov 15, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.
CVE-2023-38544 1Ivanti 1Secure Access Client Nov 21, 2024 Nov 15, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of the network on the...Show more A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of the network on the affected system.Show less
CVE-2023-38543 1Ivanti 1Secure Access Client Jan 7, 2025 Nov 15, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of servi...Show more A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine.Show less
CVE-2023-38043 1Ivanti 1Secure Access Client Nov 21, 2024 Nov 15, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of servi...Show more A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system.Show less
CVE-2023-35080 1Ivanti 1Secure Access Client Jan 7, 2025 Nov 15, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, inc...Show more A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure.Show less

12 Next