Vulnerabilities > CVE-2018-6316 - Incorrect Authorization vulnerability in Ivanti Endpoint Security 8.5

047910
CVSS 6.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL

Summary

Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass application whitelisting when using the Application Control module on Ivanti Endpoint Security in lockdown mode.

Vulnerable Configurations

Part Description Count
Application
Ivanti
2

Common Weakness Enumeration (CWE)