ГлавнаяУязвимости → CVE-2024-10256
7.1высокая

CVE-2024-10256

Описание

Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files.

Затрагиваемое ПО
Ivanti Endpoint managerIvanti Neurons agent platformIvanti Neurons for patch managementIvanti Patch for configuration managerIvanti Patch software development kitIvanti Security controls
CVSS
Балл7.1 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Источники
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Patch-SDK-CVE-2024-10256