threat
engine
.sh
Back
·
··:··
Home
/
Product
/
ivanti secure access client
Product
ivanti secure access client
26 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-7432
<= 22.7
A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM
7.8
HIGH
CVE-2026-7431
<= 22.7
An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authentic
4.4
MEDIUM
CVE-2025-0320
< 25.5.1.15
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows
7.8
HIGH
CVE-2025-22454
< 22.7
Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escal
7.8
HIGH
CVE-2025-1223
< 25.01.2
An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure
6.1
MEDIUM
CVE-2025-1222
< 25.01.2
An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure A
6.1
MEDIUM
CVE-2024-13813
< 22.8
Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbi
7.1
HIGH
CVE-2024-38654
< 22.7
Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin pri
4.4
MEDIUM
CVE-2024-37398
< 22.7
Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privi
7.8
HIGH
CVE-2024-29211
< 22.7
A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive co
4.7
MEDIUM
CVE-2024-9843
< 22.7
A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of servi
5.0
MEDIUM
CVE-2024-9842
< 22.7
Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitra
7.3
HIGH
CVE-2024-8539
< 22.7
Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensit
7.1
HIGH
CVE-2024-7571
< 22.7
Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privile
7.8
HIGH
CVE-2023-46810
< 22.7
A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to
7.3
HIGH
CVE-2023-38042
< 22.7
A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code
7.8
HIGH
CVE-2024-3661
< 24.06.1
DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that r
7.6
HIGH
CVE-2023-34298
all versions
Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local att
7.8
HIGH
CVE-2023-41718
all versions
When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected syst
7.8
HIGH
CVE-2023-38544
all versions
A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulne
5.5
MEDIUM
CVE-2023-38543
< 22.6
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticate
7.8
HIGH
CVE-2023-38043
< 22.6
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticate
7.8
HIGH
CVE-2023-35080
< 22.6
A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker
7.8
HIGH
CVE-2023-38041
< 22.6
A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular
7.0
HIGH
CVE-2023-24492
< 23.5.2
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to
9.6
CRITICAL
CVE-2023-24491
< 23.5.1.3
A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker
7.8
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin