Overview
- Description
- Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass application whitelisting when using the Application Control module on Ivanti Endpoint Security in lockdown mode.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 5.9
- Exploitability score
- 1.6
- Vector string
- CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6
- Impact score
- 6.4
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-863
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:endpoint_security:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EE9FBCA2-F582-4FD5-8611-B26C8F39F2B9",
"versionEndIncluding": "8.5"
},
{
"criteria": "cpe:2.3:a:ivanti:endpoint_security:8.5:update_1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F4ED7F0-2041-41DB-874C-88C528F5A1A2"
}
],
"operator": "OR"
}
]
}
]