CVE-2024-37403

Aug. 7, 2024, 3:17 p.m.

5.0
Medium

Description

Ivanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability. The application fails to properly sanitize file names, resulting in a path traversal-affiliated vulnerability. This potentially enables other malicious apps on the device to read sensitive information stored in the app root.

Product(s) Impacted

Product Versions
Ivanti Docs@Work for Android
  • ['before 2.26.0']

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://forums.ivanti.com/s/article/Security-Advisory-CVE-2024-37403-Dirty-Stream-for-Ivanti-Docs-Work-for-Android

Tags

support@hackerone.com
2024-08-07
CVE-2024-37403

CVSS Score

5.0 / 10

CVSS Data - 3.0

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

    • CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

    View Vector String

Timeline

Published: Aug. 7, 2024, 4:17 a.m.
Last Modified: Aug. 7, 2024, 3:17 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

support@hackerone.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.