Arbitrary File Read Vulnerability in Ivanti Policy Secure
CVE-2023-39339

4.9MEDIUM

Key Information:

Vendor: Ivanti
Status: Policy Secure
Vendor: CVE Published:; 12 July 2025

What is CVE-2023-39339?

A vulnerability exists in Ivanti Policy Secure prior to version 22.6R1 that allows authenticated administrators to perform arbitrary file reads. This can be exploited through a specially crafted web request, potentially leading to unauthorized access to sensitive files. Organizations using affected versions should apply the security patch to mitigate this risk.

Affected Version(s)

Policy Secure 22.6R1

References

https://forums.ivanti.com/s/article/Security-patch-releas...

CVSS V3.0

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 12, 2025
Vulnerability Reserved
Jul 28, 2023