File Name Control Vulnerability in Ivanti Connect Secure and Ivanti Policy Secure
CVE-2024-12058
6.8MEDIUM
Summary
A security vulnerability present in Ivanti Connect Secure prior to version 22.7R2.6 and Ivanti Policy Secure prior to version 22.7R1.3 allows a remote authenticated attacker with administrative privileges to manipulate file names. This could lead to unauthorized reading of arbitrary files, potentially exposing sensitive data. Organizations using these products should evaluate their security postures and apply available patches to mitigate risks.
Affected Version(s)
Connect Secure 22.7R2.6
Policy Secure 22.7R1.3
References
CVSS V3.1
Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved