Local Authenticated Attacker Can Delete Arbitrary Files in Ivanti Patch SDK Before v9.7.703
CVE-2024-10256
7.1HIGH
Key Information
- Vendor
- Ivanti
- Status
- Patch Sdk
- Endpoint Manager
- Security Controls
- Patch For Configuration Manager
- Vendor
- CVE Published:
- 10 December 2024
Summary
Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files.
Affected Version(s)
Patch SDK <= 9.7.703
Endpoint Manager <= 2024 November Security Update
Endpoint Manager >= 2024 November Security Update
Refferences
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database