Ivanti Secure Access Client
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Ivanti Secure Access Client.
By the Year
In 2025 there have been 1 vulnerability in Ivanti Secure Access Client with an average score of 7.1 out of ten. Last year, in 2024 Secure Access Client had 9 security vulnerabilities published. Right now, Secure Access Client is on track to have less security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 1.07.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 1 | 7.10 |
| 2024 | 9 | 6.03 |
| 2023 | 5 | 7.64 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Secure Access Client vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Ivanti Secure Access Client Security Vulnerabilities
Insufficient permissions in Ivanti Secure Access Client before version 22.8R1
CVE-2024-13813
7.1 - High
- February 11, 2025
Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.
Incorrect Permission Assignment for Critical Resource
A race condition in Ivanti Secure Access Client before version 22.7R4
CVE-2024-29211
4.7 - Medium
- November 13, 2024
A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.
Race Condition
Ivanti Secure Access Client Privilege Escalation Vulnerability
CVE-2024-37398
7.8 - High
- November 13, 2024
Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
Ivanti Secure Access Client: Local Privilege Escalation via Improper Bounds Checking
CVE-2024-38654
- November 13, 2024
Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.
A buffer over-read in Ivanti Secure Access Client before 22.7R4
CVE-2024-9843
5.5 - Medium
- November 12, 2024
A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.
Out-of-bounds Read
Incorrect permissions in Ivanti Secure Access Client before version 22.7R4
CVE-2024-9842
3.3 - Low
- November 12, 2024
Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.
Improper authorization in Ivanti Secure Access Client before version 22.7R3
CVE-2024-8539
7.1 - High
- November 12, 2024
Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.
Incorrect permissions in Ivanti Secure Access Client before 22.7R4
CVE-2024-7571
7.8 - High
- November 12, 2024
Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1
CVE-2023-46810
- May 31, 2024
A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root.
A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows
CVE-2023-38042
- May 31, 2024
A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM.
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could
CVE-2023-38043
7.8 - High
- November 15, 2023
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system.
When a particular process flow is initiated
CVE-2023-41718
7.8 - High
- November 15, 2023
When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could
CVE-2023-38543
7.8 - High
- November 15, 2023
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine.
A vulnerability has been identified in the Ivanti Secure Access Windows client, which could
CVE-2023-35080
7.8 - High
- November 15, 2023
A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure.
A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition
CVE-2023-38041
7 - High
- October 25, 2023
A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.
TOCTTOU
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Ivanti Secure Access Client or by Ivanti? Click the Watch button to subscribe.
