Search criteria
8 vulnerabilities found for Sentry by Ivanti
CVE-2023-39338 (GCVE-0-2023-39338)
Vulnerability from cvelistv5 – Published: 2025-07-12 03:30 – Updated: 2025-07-15 03:55
VLAI?
Summary
Enables an authenticated user (enrolled device) to access a service protected by Sentry even if they are not authorized according to the sentry policy to access that service. It does not enable the user to authenticate to or use the service, it just provides the tunnel access.
Severity ?
6.8 (Medium)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39338",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T03:55:09.051Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sentry",
"vendor": "Ivanti",
"versions": [
{
"lessThan": "9.20",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Enables an authenticated user (enrolled device) to access a service protected by Sentry even if they are not authorized according to the sentry policy to access that service. It does not enable the user to authenticate to or use the service, it just provides the tunnel access."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-12T03:30:40.285Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/CVE-2023-39338"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2023-39338",
"datePublished": "2025-07-12T03:30:40.285Z",
"dateReserved": "2023-07-28T01:00:12.351Z",
"dateUpdated": "2025-07-15T03:55:09.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8540 (GCVE-0-2024-8540)
Vulnerability from cvelistv5 – Published: 2024-12-10 18:52 – Updated: 2024-12-14 04:55
VLAI?
Summary
Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components.
Severity ?
8.8 (High)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8540",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-14T04:55:18.267Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Sentry",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "9.20.2",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "10.0.2",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "10.1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInsecure permissions in Ivanti Sentry \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ebefore versions 9.20.2 and 10.0.2 or 10.1.0\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp;allow a local authenticated attacker to \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003emodify sensitive application components.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0\u00a0allow a local authenticated attacker to modify sensitive application components."
}
],
"impacts": [
{
"capecId": "CAPEC-75",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-75 Manipulating Writeable Configuration Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T18:52:17.010Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2024-8540"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2024-8540",
"datePublished": "2024-12-10T18:52:17.010Z",
"dateReserved": "2024-09-06T18:11:23.892Z",
"dateUpdated": "2024-12-14T04:55:18.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41724 (GCVE-0-2023-41724)
Vulnerability from cvelistv5 – Published: 2024-03-31 01:45 – Updated: 2025-03-25 14:36
VLAI?
Summary
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.
Severity ?
9.6 (Critical)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ivanti:sentry:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sentry",
"vendor": "ivanti",
"versions": [
{
"lessThanOrEqual": "9.19.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41724",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-02T14:31:04.406728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T14:36:27.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:01:35.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.ivanti.com/s/article/CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sentry",
"vendor": "Ivanti",
"versions": [
{
"lessThanOrEqual": "9.19.0",
"status": "affected",
"version": "9.19.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network. "
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-03-31T01:45:42.684Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2023-41724",
"datePublished": "2024-03-31T01:45:42.684Z",
"dateReserved": "2023-08-31T01:00:11.771Z",
"dateUpdated": "2025-03-25T14:36:27.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39338 (GCVE-0-2023-39338)
Vulnerability from nvd – Published: 2025-07-12 03:30 – Updated: 2025-07-15 03:55
VLAI?
Summary
Enables an authenticated user (enrolled device) to access a service protected by Sentry even if they are not authorized according to the sentry policy to access that service. It does not enable the user to authenticate to or use the service, it just provides the tunnel access.
Severity ?
6.8 (Medium)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39338",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T03:55:09.051Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sentry",
"vendor": "Ivanti",
"versions": [
{
"lessThan": "9.20",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Enables an authenticated user (enrolled device) to access a service protected by Sentry even if they are not authorized according to the sentry policy to access that service. It does not enable the user to authenticate to or use the service, it just provides the tunnel access."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-12T03:30:40.285Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/CVE-2023-39338"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2023-39338",
"datePublished": "2025-07-12T03:30:40.285Z",
"dateReserved": "2023-07-28T01:00:12.351Z",
"dateUpdated": "2025-07-15T03:55:09.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8540 (GCVE-0-2024-8540)
Vulnerability from nvd – Published: 2024-12-10 18:52 – Updated: 2024-12-14 04:55
VLAI?
Summary
Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components.
Severity ?
8.8 (High)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8540",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-14T04:55:18.267Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Sentry",
"vendor": "Ivanti",
"versions": [
{
"status": "unaffected",
"version": "9.20.2",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "10.0.2",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "10.1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInsecure permissions in Ivanti Sentry \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ebefore versions 9.20.2 and 10.0.2 or 10.1.0\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp;allow a local authenticated attacker to \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003emodify sensitive application components.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
}
],
"value": "Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0\u00a0allow a local authenticated attacker to modify sensitive application components."
}
],
"impacts": [
{
"capecId": "CAPEC-75",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-75 Manipulating Writeable Configuration Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T18:52:17.010Z",
"orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"shortName": "ivanti"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2024-8540"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"assignerShortName": "ivanti",
"cveId": "CVE-2024-8540",
"datePublished": "2024-12-10T18:52:17.010Z",
"dateReserved": "2024-09-06T18:11:23.892Z",
"dateUpdated": "2024-12-14T04:55:18.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41724 (GCVE-0-2023-41724)
Vulnerability from nvd – Published: 2024-03-31 01:45 – Updated: 2025-03-25 14:36
VLAI?
Summary
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.
Severity ?
9.6 (Critical)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ivanti:sentry:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sentry",
"vendor": "ivanti",
"versions": [
{
"lessThanOrEqual": "9.19.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41724",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-02T14:31:04.406728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T14:36:27.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:01:35.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://forums.ivanti.com/s/article/CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sentry",
"vendor": "Ivanti",
"versions": [
{
"lessThanOrEqual": "9.19.0",
"status": "affected",
"version": "9.19.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network. "
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-03-31T01:45:42.684Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2023-41724",
"datePublished": "2024-03-31T01:45:42.684Z",
"dateReserved": "2023-08-31T01:00:11.771Z",
"dateUpdated": "2025-03-25T14:36:27.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2024-AVI-1058
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Ivanti. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Ivanti | Policy Secure (IPS) | Policy Secure (IPS) versions 22.7R1.x antérieures à 22.7R1.2 | ||
| Ivanti | Sentry | Sentry versions 10.0.x antérieures à 10.0.2 | ||
| Ivanti | Endpoint Manager (EPM) | Endpoint Manager versions 2022 SU6 et antérieures sans le dernier correctif publié par l'éditeur | ||
| Ivanti | Endpoint Manager (EPM) | Endpoint Manager versions 2024 et antérieures sans le dernier correctif publié par l'éditeur | ||
| Ivanti | Desktop and Server Management (DSM) | Desktop and Server Management (DSM) versions 2024.2 antérieures à 2024.3.5740 | ||
| Ivanti | Sentry | Sentry versions 10.1.x antérieures à 10.1.0 | ||
| Ivanti | Cloud Service Appliance (CSA) | Ivanti Cloud Services Application (CSA) versions 5.0.x antérieures à 5.0.3 | ||
| Ivanti | Connect Secure (ICS) | Connect Secure (ICS) versions 22.7R2.x antérieures à 22.7R2.4 | ||
| Ivanti | Sentry | Sentry versions 9.20.x antérieures à 9.20.2 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Policy Secure (IPS) versions 22.7R1.x ant\u00e9rieures \u00e0 22.7R1.2",
"product": {
"name": "Policy Secure (IPS)",
"vendor": {
"name": "Ivanti",
"scada": false
}
}
},
{
"description": "Sentry versions 10.0.x ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Sentry",
"vendor": {
"name": "Ivanti",
"scada": false
}
}
},
{
"description": "Endpoint Manager versions 2022 SU6 et ant\u00e9rieures sans le dernier correctif publi\u00e9 par l\u0027\u00e9diteur",
"product": {
"name": "Endpoint Manager (EPM)",
"vendor": {
"name": "Ivanti",
"scada": false
}
}
},
{
"description": "Endpoint Manager versions 2024 et ant\u00e9rieures sans le dernier correctif publi\u00e9 par l\u0027\u00e9diteur",
"product": {
"name": "Endpoint Manager (EPM)",
"vendor": {
"name": "Ivanti",
"scada": false
}
}
},
{
"description": "Desktop and Server Management (DSM) versions 2024.2 ant\u00e9rieures \u00e0 2024.3.5740",
"product": {
"name": "Desktop and Server Management (DSM)",
"vendor": {
"name": "Ivanti",
"scada": false
}
}
},
{
"description": "Sentry versions 10.1.x ant\u00e9rieures \u00e0 10.1.0",
"product": {
"name": "Sentry",
"vendor": {
"name": "Ivanti",
"scada": false
}
}
},
{
"description": "Ivanti Cloud Services Application (CSA) versions 5.0.x ant\u00e9rieures \u00e0 5.0.3",
"product": {
"name": "Cloud Service Appliance (CSA)",
"vendor": {
"name": "Ivanti",
"scada": false
}
}
},
{
"description": "Connect Secure (ICS) versions 22.7R2.x ant\u00e9rieures \u00e0 22.7R2.4",
"product": {
"name": "Connect Secure (ICS)",
"vendor": {
"name": "Ivanti",
"scada": false
}
}
},
{
"description": "Sentry versions 9.20.x ant\u00e9rieures \u00e0 9.20.2",
"product": {
"name": "Sentry",
"vendor": {
"name": "Ivanti",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-9844",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9844"
},
{
"name": "CVE-2024-37377",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37377"
},
{
"name": "CVE-2024-11772",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11772"
},
{
"name": "CVE-2024-7572",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7572"
},
{
"name": "CVE-2024-8540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8540"
},
{
"name": "CVE-2024-11773",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11773"
},
{
"name": "CVE-2024-10256",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10256"
},
{
"name": "CVE-2024-11633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11633"
},
{
"name": "CVE-2024-11639",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11639"
},
{
"name": "CVE-2024-37401",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37401"
},
{
"name": "CVE-2024-11634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11634"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-1058",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Ivanti. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Ivanti",
"vendor_advisories": [
{
"published_at": "2024-12-10",
"title": "Bulletin de s\u00e9curit\u00e9 Ivanti Security-Advisory-Ivanti-Patch-SDK-CVE-2024-10256",
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Patch-SDK-CVE-2024-10256"
},
{
"published_at": "2024-12-10",
"title": "Bulletin de s\u00e9curit\u00e9 Ivanti Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773",
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773"
},
{
"published_at": "2024-12-10",
"title": "Bulletin de s\u00e9curit\u00e9 Ivanti Security-Advisory-Ivanti-Sentry-CVE-2024-8540",
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2024-8540"
},
{
"published_at": "2024-12-10",
"title": "Bulletin de s\u00e9curit\u00e9 Ivanti Security-Advisory-Ivanti-Desktop-and-Server-Management-DSM-CVE-2024-7572",
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Desktop-and-Server-Management-DSM-CVE-2024-7572"
},
{
"published_at": "2024-12-10",
"title": "Bulletin de s\u00e9curit\u00e9 Ivanti December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs",
"url": "https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs"
}
]
}