CVE-2023-39339
BaseFortify
Publication date: 2025-07-12
Last updated on: 2025-07-17
Assigner: HackerOne
Description
A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ivanti | policy_secure | up to 22.6 (exclusive) |
| ivanti | policy_secure | 22.6 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in all versions of Ivanti Policy Secure below 22.6R1, where an authenticated administrator can exploit a flaw to perform an arbitrary file read by sending a specially crafted web request.
How can this vulnerability impact me?
An attacker with administrator access could read arbitrary files on the system, potentially exposing sensitive information, which could lead to data breaches or unauthorized disclosure of confidential data.