Insecure Permissions in Ivanti Performance Manager Could Lead to Local Privilege Escalation
CVE-2024-11597
7.8HIGH
Summary
Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege escalation.
Affected Version(s)
Performance Manager <= 2024.3 HF1
Performance Manager >= 2024.3 HF1
Performance Manager >= 2024.1 HF1
Refferences
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database