ByteOS Network

NVD Vulnerability Details :

CVE-2018-6316

Analyzed

Source-cve@mitre.org

Published At-15 Feb, 2018 | 23:29

Updated At-03 Oct, 2019 | 00:03

Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass application whitelisting when using the Application Control module on Ivanti Endpoint Security in lockdown mode.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	7.5	HIGH	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	6.0	MEDIUM	AV:N/AC:M/Au:S/C:P/I:P/A:P

CPE Matches

Ivanti Software

>>endpoint_security>>Versions up to 8.5(inclusive)

cpe:2.3:a:ivanti:endpoint_security:*:*:*:*:*:*:*:*

Ivanti Software

>>endpoint_security>>8.5

cpe:2.3:a:ivanti:endpoint_security:8.5:update_1:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-863	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://community.ivanti.com/docs/DOC-65656	cve@mitre.org	Permissions Required

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History