CVE-2018-6316
HIGHIvanti Endpoint Security < 8.5 Update 1 - Authenticated Application Whitelisting Bypass in Lockdown Mode
Title source: llmDescription
Ivanti Endpoint Security (formerly HEAT Endpoint Management and Security Suite) 8.5 Update 1 and earlier allows an authenticated user with low privileges and access to the local network to bypass application whitelisting when using the Application Control module on Ivanti Endpoint Security in lockdown mode.
References (1)
Core 1
Core References
Permissions Required x_refsource_confirm
https://community.ivanti.com/docs/DOC-65656
Scores
CVSS v3
7.5
EPSS
0.0057
EPSS Percentile
68.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-863
Status
published
Products (2)
ivanti/endpoint_security
8.5 update_1
ivanti/endpoint_security
< 8.5
Published
Feb 15, 2018
Tracked Since
Feb 18, 2026