CVE-2024-10256

Description

Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files.

CVSS breakdown

Affected products

• Ivanti / Endpoint Manager2024 November Security Update – 2024 November Security Update
• Ivanti / Endpoint Manager2022 SU6 November Security Update – 2022 SU6 November Security Update
• Ivanti / Neurons Agent Platform2024.4 – 2024.4
• Ivanti / Neurons for Patch Management2024.4 – 2024.4
• Ivanti / Patch for Configuration Manager2024.4 – 2024.4
• Ivanti / Patch SDK9.7.703 – 9.7.703
• Ivanti / Security Controls2024.4 – 2024.4

References

• MISChttps://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Patch-SDK-CVE-2024-10256