Ivanti Secure Access Client — known CVE vulnerabilities
Every CVE whose affected-product data names Ivanti Secure Access Client, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2026-8992 — CVSS 8.8 (high): An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to…
CVE-2023-35080 — CVSS 7.8 (high): A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to…
CVE-2023-38042 — CVSS 7.8 (high): A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as…
CVE-2023-38043 — CVSS 7.8 (high): A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated…
CVE-2023-38543 — CVSS 7.8 (high): A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated…
CVE-2023-34298 — CVSS 7.8 (high): Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to…
CVE-2023-41718 — CVSS 7.8 (high): When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when…
CVE-2024-37398 — CVSS 7.8 (high): Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
CVE-2024-7571 — CVSS 7.8 (high): Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
CVE-2025-22454 — CVSS 7.8 (high): Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their…
CVE-2026-7432 — CVSS 7.8 (high): A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM
CVE-2023-46810 — CVSS 7.3 (high): A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute…
CVE-2024-9842 — CVSS 7.3 (high): Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary…
CVE-2024-13813 — CVSS 7.1 (high): Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary…
CVE-2024-8539 — CVSS 7.1 (high): Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive…
CVE-2023-38041 — CVSS 7.0 (high): A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process…
CVE-2023-38544 — CVSS 5.5 (medium): A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability…
CVE-2024-9843 — CVSS 5.0 (medium): A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.
CVE-2024-29211 — CVSS 4.7 (medium): A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive…
CVE-2026-7431 — CVSS 4.4 (medium): An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to…
CVE-2024-38654 — CVSS 4.4 (medium): Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges…