CVE-2024-8540

Summary

Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components.

Affected Software

VendorProductVersion RangeStatus
IvantiSentry9.20.2unaffected
IvantiSentry10.0.2unaffected
IvantiSentry10.1.0unaffected

Weaknesses

  • CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References