CVE-2024-8540

8.8HIGH

Key Information

Vendor: Ivanti
Status: Sentry
Vendor: CVE Published:; 10 December 2024

Summary

Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components.

Affected Version(s)

Sentry <= 9.20.2

Sentry >= 9.20.2

Sentry >= 10.0.2

Refferences

https://forums.ivanti.com/s/article/Security-Advisory-Iva...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 10, 2024

Collectors

NVD DatabaseMitre Database