HIGH🇵🇱 Wersja polska

CVE-2023-41724

CVSS 8.8v3.1pub. 2024-03-31upd. 2024-11-21

A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ivanti Standalone Sentry

    APP
    Ivanti
    < 9.19.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-10520CRITICAL10.0⚠ KEVPL ✓ten sam produkt

RCE poprzez OS Command Injection w Ivanti Sentry (nieuwierzytelniony dostęp root)

CVE-2026-10523CRITICAL9.9PL ✓ten sam produkt

Authentication Bypass w Ivanti Sentry — tworzenie kont admina bez uwierzytelnienia

CVE-2024-8540HIGH8.8ten sam produkt

Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated ...

CVE-2026-1281CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Krytyczny code injection w Ivanti Endpoint Manager Mobile (RCE bez uwierzytelnienia)

CVE-2026-1340CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Code injection w Ivanti EPMM umożliwiający nieuwierzytelniony RCE